From a0a18973d8d0dfd214dc4fa16fb93e8f1c677db3 Mon Sep 17 00:00:00 2001 From: m0duspwnens Date: Mon, 9 Dec 2024 15:29:51 -0500 Subject: [PATCH] add new salt bootstrap --- salt/salt/scripts/bootstrap-salt.sh | 4188 ++++++++------------------- 1 file changed, 1223 insertions(+), 2965 deletions(-) diff --git a/salt/salt/scripts/bootstrap-salt.sh b/salt/salt/scripts/bootstrap-salt.sh index a016524e6..4e65008dc 100644 --- a/salt/salt/scripts/bootstrap-salt.sh +++ b/salt/salt/scripts/bootstrap-salt.sh @@ -1,9 +1,12 @@ -#!/bin/sh - +#!/bin/sh # WARNING: Changes to this file in the salt repo will be overwritten! # Please submit pull requests against the salt-bootstrap repo: # https://github.com/saltstack/salt-bootstrap - +# shellcheck disable=SC2317 +# shellcheck disable=SC2086 +# shellcheck disable=SC2329 +# #====================================================================================================================== # vim: softtabstop=4 shiftwidth=4 expandtab fenc=utf-8 spell spelllang=en cc=120 #====================================================================================================================== @@ -14,7 +17,7 @@ # # BUGS: https://github.com/saltstack/salt-bootstrap/issues # -# COPYRIGHT: (c) 2012-2022 by the SaltStack Team, see AUTHORS.rst for more +# COPYRIGHT: (c) 2012-2024 by the SaltStack Team, see AUTHORS.rst for more # details. # # LICENSE: Apache 2.0 @@ -23,7 +26,7 @@ #====================================================================================================================== set -o nounset # Treat unset variables as an error -__ScriptVersion="2023.08.03" +__ScriptVersion="2024.11.07" __ScriptName="bootstrap-salt.sh" __ScriptFullName="$0" @@ -121,16 +124,35 @@ __check_command_exists() { command -v "$1" > /dev/null 2>&1 } +#--- FUNCTION ------------------------------------------------------------------------------------------------------- +# NAME: __check_services_systemd_functional +# DESCRIPTION: Set _SYSTEMD_FUNCTIONAL = BS_TRUE or BS_FALSE case where systemd is functional (for example: container may not have systemd) +#---------------------------------------------------------------------------------------------------------------------- +__check_services_systemd_functional() { + + # check if systemd is functional, having systemctl present is insufficient + + if [ "$_SYSTEMD_FUNCTIONAL" -eq $BS_FALSE ]; then + # already determined systemd is not functional, default is 1 + return + fi + + if __check_command_exists systemctl; then + # shellcheck disable=SC2034 + _SYSTEMD_HELP="$(systemctl --help)" + else + _SYSTEMD_FUNCTIONAL=$BS_FALSE + echoerror "systemctl: command not found, assume systemd not implemented, _SYSTEMD_FUNCTIONAL $_SYSTEMD_FUNCTIONAL" + fi +} # ---------- end of function __check_services_systemd_functional ---------- + #--- FUNCTION ------------------------------------------------------------------------------------------------------- # NAME: __check_pip_allowed # DESCRIPTION: Simple function to let the users know that -P needs to be used. #---------------------------------------------------------------------------------------------------------------------- __check_pip_allowed() { - if [ $# -eq 1 ]; then - _PIP_ALLOWED_ERROR_MSG=$1 - else - _PIP_ALLOWED_ERROR_MSG="pip based installations were not allowed. Retry using '-P'" - fi + + _PIP_ALLOWED_ERROR_MSG="pip based installations were not allowed. Retry using '-P'" if [ "$_PIP_ALLOWED" -eq $BS_FALSE ]; then echoerror "$_PIP_ALLOWED_ERROR_MSG" @@ -228,6 +250,7 @@ _TEMP_KEYS_DIR="null" _SLEEP="${__DEFAULT_SLEEP}" _INSTALL_MASTER=$BS_FALSE _INSTALL_SYNDIC=$BS_FALSE +_INSTALL_SALT_API=$BS_FALSE _INSTALL_MINION=$BS_TRUE _INSTALL_CLOUD=$BS_FALSE _VIRTUALENV_DIR=${BS_VIRTUALENV_DIR:-"null"} @@ -266,19 +289,16 @@ _CUSTOM_REPO_URL="null" _CUSTOM_MASTER_CONFIG="null" _CUSTOM_MINION_CONFIG="null" _QUIET_GIT_INSTALLATION=$BS_FALSE -_REPO_URL="repo.saltproject.io" -_ONEDIR_DIR="salt" -_ONEDIR_NIGHTLY_DIR="salt-dev/${_ONEDIR_DIR}" +_REPO_URL="packages.broadcom.com/artifactory" _PY_EXE="python3" -_INSTALL_PY="$BS_FALSE" -_TORNADO_MAX_PY3_VERSION="5.0" -_POST_NEON_INSTALL=$BS_FALSE _MINIMUM_PIP_VERSION="9.0.1" -_MINIMUM_SETUPTOOLS_VERSION="9.1" -_POST_NEON_PIP_INSTALL_ARGS="--prefix=/usr" +_MINIMUM_SETUPTOOLS_VERSION="65.6.3" +_MAXIMUM_SETUPTOOLS_VERSION="69.0" +_PIP_INSTALL_ARGS="--prefix=/usr" _PIP_DOWNLOAD_ARGS="" _QUICK_START="$BS_FALSE" _AUTO_ACCEPT_MINION_KEYS="$BS_FALSE" +_SYSTEMD_FUNCTIONAL=$BS_TRUE # Defaults for install arguments ITYPE="stable" @@ -297,9 +317,9 @@ __usage() { - stable Install latest stable release. This is the default install type - stable [branch] Install latest version on a branch. Only supported - for packages available at repo.saltproject.io + for packages available at packages.broadcom.com - stable [version] Install a specific version. Only supported for - packages available at repo.saltproject.io + packages available at packages.broadcom.com To pin a 3xxx minor version, specify it as 3xxx.0 - testing RHEL-family specific: configure EPEL testing repo - git Install from the head of the master branch @@ -307,17 +327,11 @@ __usage() { commit) - onedir Install latest onedir release. - onedir [version] Install a specific version. Only supported for - onedir packages available at repo.saltproject.io + onedir packages available at packages.broadcom.com - onedir_rc Install latest onedir RC release. - onedir_rc [version] Install a specific version. Only supported for - onedir RC packages available at repo.saltproject.io - - old-stable Install latest old stable release. - - old-stable [branch] Install latest version on a branch. Only supported - for packages available at repo.saltproject.io - - old-stable [version] Install a specific version. Only supported for - packages available at repo.saltproject.io - To pin a 3xxx minor version, specify it as 3xxx.0 + onedir RC packages available at packages.broadcom.com Examples: - ${__ScriptName} @@ -326,16 +340,15 @@ __usage() { - ${__ScriptName} stable 3006.1 - ${__ScriptName} testing - ${__ScriptName} git - - ${__ScriptName} git 2017.7 - - ${__ScriptName} git v2017.7.2 + - ${__ScriptName} git 3006.7 + - ${__ScriptName} git v3006.8 + - ${__ScriptName} git 3007.1 + - ${__ScriptName} git v3007.1 - ${__ScriptName} git 06f249901a2e2f1ed310d58ea3921a129f214358 - ${__ScriptName} onedir - ${__ScriptName} onedir 3006 - ${__ScriptName} onedir_rc - - ${__ScriptName} onedir_rc 3006 - - ${__ScriptName} old-stable - - ${__ScriptName} old-stable 3005 - - ${__ScriptName} old-stable 3005.1 + - ${__ScriptName} onedir_rc 3008 Options: @@ -349,7 +362,7 @@ __usage() { step. -c Temporary configuration directory -C Only run the configuration function. Implies -F (forced overwrite). - To overwrite Master or Syndic configs, -M or -S, respectively, must + To overwrite Master, Syndic or Api configs, -M,-S or -W, respectively, must also be specified. Salt installation will be ommitted, but some of the dependencies could be installed to write configuration with -j or -J. -d Disables checking if Salt services are enabled to start on system boot. @@ -401,8 +414,8 @@ __usage() { And automatically accept the minion key. -R Specify a custom repository URL. Assumes the custom repository URL points to a repository that mirrors Salt packages located at - repo.saltproject.io. The option passed with -R replaces the - "repo.saltproject.io". If -R is passed, -r is also set. Currently only + packages.broadcom.com. The option passed with -R replaces the + "packages.broadcom.com". If -R is passed, -r is also set. Currently only works on CentOS/RHEL and Debian based distributions and macOS. -s Sleep time used when waiting for daemons to start, restart and when checking for the services running. Default: ${__DEFAULT_SLEEP} @@ -414,23 +427,15 @@ __usage() { -v Display script version -V Install Salt into virtualenv (only available for Ubuntu based distributions) - -x Changes the Python version used to install Salt. - For CentOS 6 git installations python2.7 is supported. - Fedora git installation, CentOS 7, Ubuntu 18.04 support python3. + -W Also install salt-api + -x Changes the Python version used to install Salt (default: Python 3). + Python 2.7 is no longer supported. -X Do not start daemons after installation - -y Installs a different python version on host. Currently this has only been - tested with CentOS 6 and is considered experimental. This will install the - ius repo on the box if disable repo is false. This must be used in conjunction - with -x . For example: - sh bootstrap.sh -P -y -x python2.7 git v2017.7.2 - The above will install python27 and install the git version of salt using the - python2.7 executable. This only works for git and pip installations. EOT } # ---------- end of function __usage ---------- - -while getopts ':hvnDc:g:Gyx:k:s:MSNXCPFUKIA:i:Lp:dH:bflV:J:j:rR:aqQ' opt +while getopts ':hvnDc:g:Gx:k:s:MSWNXCPFUKIA:i:Lp:dH:bflV:J:j:rR:aqQ' opt do case "${opt}" in @@ -450,6 +455,7 @@ do s ) _SLEEP=$OPTARG ;; M ) _INSTALL_MASTER=$BS_TRUE ;; S ) _INSTALL_SYNDIC=$BS_TRUE ;; + W ) _INSTALL_SALT_API=$BS_TRUE ;; N ) _INSTALL_MINION=$BS_FALSE ;; X ) _START_DAEMONS=$BS_FALSE ;; C ) _CONFIG_ONLY=$BS_TRUE ;; @@ -476,7 +482,6 @@ do q ) _QUIET_GIT_INSTALLATION=$BS_TRUE ;; Q ) _QUICK_START=$BS_TRUE ;; x ) _PY_EXE="$OPTARG" ;; - y ) _INSTALL_PY="$BS_TRUE" ;; \?) echo echoerror "Option does not exist : $OPTARG" @@ -488,7 +493,6 @@ do done shift $((OPTIND-1)) - # Define our logging file and pipe paths LOGFILE="/tmp/$( echo "$__ScriptName" | sed s/.sh/.log/g )" LOGPIPE="/tmp/$( echo "$__ScriptName" | sed s/.sh/.logpipe/g )" @@ -596,7 +600,15 @@ fi echoinfo "Running version: ${__ScriptVersion}" echoinfo "Executed by: ${CALLER}" echoinfo "Command line: '${__ScriptFullName} ${__ScriptArgs}'" -echowarn "Running the unstable version of ${__ScriptName}" + +# Defaults +STABLE_REV="latest" +ONEDIR_REV="latest" +_ONEDIR_REV="latest" +YUM_REPO_FILE="/etc/yum.repos.d/salt.repo" + +# check if systemd is functional +__check_services_systemd_functional # Define installation type if [ "$#" -gt 0 ];then @@ -606,17 +618,11 @@ if [ "$#" -gt 0 ];then fi # Check installation type -if [ "$(echo "$ITYPE" | grep -E '(stable|testing|git|onedir|onedir_rc|old-stable)')" = "" ]; then +if [ "$(echo "$ITYPE" | grep -E '(stable|testing|git|onedir|onedir_rc)')" = "" ]; then echoerror "Installation type \"$ITYPE\" is not known..." exit 1 fi -# Due to our modifications to install_centos_onedir it is easiest to just lock down to only allowing stable install -if [ "$(echo "$ITYPE" | grep stable)" = "" ]; then - echoerror "This script has been modified to only support stable installation type. Installation type \"$ITYPE\" is not allowed..." - exit 1 -fi - # If doing a git install, check what branch/tag/sha will be checked out if [ "$ITYPE" = "git" ]; then if [ "$#" -eq 0 ];then @@ -632,45 +638,25 @@ if [ "$ITYPE" = "git" ]; then # If doing stable install, check if version specified elif [ "$ITYPE" = "stable" ]; then if [ "$#" -eq 0 ];then + STABLE_REV="latest" ONEDIR_REV="latest" _ONEDIR_REV="latest" ITYPE="onedir" else - if [ "$(echo "$1" | grep -E '^(nightly|latest|3005|3006)$')" != "" ]; then + if [ "$(echo "$1" | grep -E '^(latest|3006|3007)$')" != "" ]; then + STABLE_REV="$1" ONEDIR_REV="$1" _ONEDIR_REV="$1" ITYPE="onedir" shift elif [ "$(echo "$1" | grep -E '^([3-9][0-5]{2}[5-9](\.[0-9]*)?)')" != "" ]; then - ONEDIR_REV="minor/$1" + STABLE_REV="$1" + ONEDIR_REV="$1" _ONEDIR_REV="$1" ITYPE="onedir" shift else - echo "Unknown stable version: $1 (valid: 3005, 3006, latest)" - exit 1 - fi - fi - -# If doing old-stable install, check if version specified -elif [ "$ITYPE" = "old-stable" ]; then - if [ "$#" -eq 0 ];then - ITYPE="stable" - else - if [ "$(echo "$1" | grep -E '^(3003|3004|3005)$')" != "" ]; then - STABLE_REV="$1" - ITYPE="stable" - shift - elif [ "$(echo "$1" | grep -E '^([3-9][0-5]{3}(\.[0-9]*)?)$')" != "" ]; then - # Handle the 3xxx.0 version as 3xxx archive (pin to minor) and strip the fake ".0" suffix - ITYPE="stable" - STABLE_REV=$(echo "$1" | sed -E 's/^([3-9][0-9]{3})\.0$/\1/') - if [ "$(uname)" != "Darwin" ]; then - STABLE_REV="archive/$STABLE_REV" - fi - shift - else - echo "Unknown old stable version: $1 (valid: 3003, 3004, 3005)" + echo "Unknown stable version: $1 (valid: 3006, 3007, latest), versions older than 3006 are not available" exit 1 fi fi @@ -678,52 +664,54 @@ elif [ "$ITYPE" = "old-stable" ]; then elif [ "$ITYPE" = "onedir" ]; then if [ "$#" -eq 0 ];then ONEDIR_REV="latest" + STABLE_REV="latest" else - if [ "$(echo "$1" | grep -E '^(nightly|latest|3005|3006)$')" != "" ]; then + if [ "$(echo "$1" | grep -E '^(latest|3006|3007)$')" != "" ]; then ONEDIR_REV="$1" - shift - elif [ "$(echo "$1" | grep -E '^(3005(\.[0-9]*)?)')" != "" ]; then - # Handle the 3005.0 version as 3005 archive (pin to minor) and strip the fake ".0" suffix - ONEDIR_REV=$(echo "$1" | sed -E 's/^(3005)\.0$/\1/') - ONEDIR_REV="minor/$ONEDIR_REV" + STABLE_REV="$1" shift elif [ "$(echo "$1" | grep -E '^([3-9][0-9]{3}(\.[0-9]*)?)')" != "" ]; then - ONEDIR_REV="minor/$1" + ONEDIR_REV="$1" + STABLE_REV="$1" shift else - echo "Unknown onedir version: $1 (valid: 3005, 3006, latest, nightly.)" + echo "Unknown onedir version: $1 (valid: 3006, 3007, latest), versions older than 3006 are not available" exit 1 fi fi elif [ "$ITYPE" = "onedir_rc" ]; then - # Change the _ONEDIR_DIR to be the location for the RC packages - _ONEDIR_DIR="salt_rc/salt" + echoerror "RC Releases are not supported at this time" - # Change ITYPE to onedir so we use the regular onedir functions - ITYPE="onedir" - - if [ "$#" -eq 0 ];then - ONEDIR_REV="latest" - else - if [ "$(echo "$1" | grep -E '^(latest)$')" != "" ]; then - ONEDIR_REV="$1" - shift - elif [ "$(echo "$1" | grep -E '^([3-9][0-9]{3}?rc[0-9]-[0-9]$)')" != "" ]; then - # Handle the 3xxx.0 version as 3xxx archive (pin to minor) and strip the fake ".0" suffix - #ONEDIR_REV=$(echo "$1" | sed -E 's/^([3-9][0-9]{3})\.0$/\1/') - ONEDIR_REV="minor/$1" - shift - elif [ "$(echo "$1" | grep -E '^([3-9][0-9]{3}\.[0-9]?rc[0-9]$)')" != "" ]; then - # Handle the 3xxx.0 version as 3xxx archive (pin to minor) and strip the fake ".0" suffix - #ONEDIR_REV=$(echo "$1" | sed -E 's/^([3-9][0-9]{3})\.0$/\1/') - ONEDIR_REV="minor/$1" - shift - else - echo "Unknown onedir_rc version: $1 (valid: 3005-1, latest.)" - exit 1 - fi - fi +## # Change the _ONEDIR_DIR to be the location for the RC packages +## _ONEDIR_DIR="salt_rc/salt" +## +## # Change ITYPE to onedir so we use the regular onedir functions +## ITYPE="onedir" +## +## if [ "$#" -eq 0 ];then +## ONEDIR_REV="latest" +## else +## if [ "$(echo "$1" | grep -E '^(latest)$')" != "" ]; then +## ONEDIR_REV="$1" +## shift +## elif [ "$(echo "$1" | grep -E '^([3-9][0-9]{3}?rc[0-9]-[0-9]$)')" != "" ]; then +## # Handle the 3xxx.0 version as 3xxx archive (pin to minor) and strip the fake ".0" suffix +## #ONEDIR_REV=$(echo "$1" | sed -E 's/^([3-9][0-9]{3})\.0$/\1/') +## ## ONEDIR_REV="minor/$1" don't have minor directory anymore +## ONEDIR_REV="$1" +## shift +## elif [ "$(echo "$1" | grep -E '^([3-9][0-9]{3}\.[0-9]?rc[0-9]$)')" != "" ]; then +## # Handle the 3xxx.0 version as 3xxx archive (pin to minor) and strip the fake ".0" suffix +## #ONEDIR_REV=$(echo "$1" | sed -E 's/^([3-9][0-9]{3})\.0$/\1/') +## ## ONEDIR_REV="minor/$1" don't have minor directory anymore +## ONEDIR_REV="$1" +## shift +## else +## echo "Unknown onedir_rc version: $1 (valid: 3006-8, 3007-1, latest)" +## exit 1 +## fi +## fi fi # Doing a quick start, so install master @@ -773,7 +761,7 @@ if [ "$($whoami)" != "root" ]; then fi # Check that we're actually installing one of minion/master/syndic -if [ "$_INSTALL_MINION" -eq $BS_FALSE ] && [ "$_INSTALL_MASTER" -eq $BS_FALSE ] && [ "$_INSTALL_SYNDIC" -eq $BS_FALSE ] && [ "$_CONFIG_ONLY" -eq $BS_FALSE ]; then +if [ "$_INSTALL_MINION" -eq $BS_FALSE ] && [ "$_INSTALL_MASTER" -eq $BS_FALSE ] && [ "$_INSTALL_SYNDIC" -eq $BS_FALSE ] && [ "$_INSTALL_SALT_API" -eq $BS_FALSE ] && [ "$_CONFIG_ONLY" -eq $BS_FALSE ]; then echowarn "Nothing to install or configure" exit 1 fi @@ -806,6 +794,12 @@ if [ "$_CUSTOM_MINION_CONFIG" != "null" ]; then fi fi + +# Default to Python 3, no longer support for Python 2 +PY_PKG_VER=3 +_PY_PKG_VER="python3" +_PY_MAJOR_VERSION="3" + # Check if we're installing via a different Python executable and set major version variables if [ -n "$_PY_EXE" ]; then if [ "$(uname)" = "Darwin" ]; then @@ -814,19 +808,21 @@ if [ -n "$_PY_EXE" ]; then _PY_PKG_VER=$(echo "$_PY_EXE" | sed -E "s/\\.//g") fi - _PY_MAJOR_VERSION=$(echo "$_PY_PKG_VER" | cut -c 7) - if [ "$_PY_MAJOR_VERSION" != 3 ] && [ "$_PY_MAJOR_VERSION" != 2 ]; then - echoerror "Detected -x option, but Python major version is not 2 or 3." - echoerror "The -x option must be passed as python2, python27, or python2.7 (or use the Python '3' versions of examples)." + TEST_PY_MAJOR_VERSION=$(echo "$_PY_PKG_VER" | cut -c 7) + if [ "$TEST_PY_MAJOR_VERSION" -eq 2 ]; then + echoerror "Python 2 is no longer supported, only Python 3" + return 1 + fi + + if [ "$TEST_PY_MAJOR_VERSION" != 3 ]; then + echoerror "Detected -x option, but Python major version is not 3." + echoerror "The -x option must be passed as python3, python38, or python3.8 (use the Python '3' versions of examples)." exit 1 fi if [ "$_PY_EXE" != "python3" ]; then echoinfo "Detected -x option. Using $_PY_EXE to install Salt." fi -else - _PY_PKG_VER="" - _PY_MAJOR_VERSION="" fi # If the configuration directory or archive does not exist, error out @@ -843,7 +839,7 @@ fi # -a and -V only work from git if [ "$ITYPE" != "git" ]; then - if [ $_PIP_ALL -eq $BS_TRUE ]; then + if [ "$_PIP_ALL" -eq $BS_TRUE ]; then echoerror "Pip installing all python packages with -a is only possible when installing Salt via git" exit 1 fi @@ -853,7 +849,7 @@ if [ "$ITYPE" != "git" ]; then fi fi -# Set the _REPO_URL value based on if -R was passed or not. Defaults to repo.saltproject.io. +# Set the _REPO_URL value based on if -R was passed or not. Defaults to packages.broadcom.com if [ "$_CUSTOM_REPO_URL" != "null" ]; then _REPO_URL="$_CUSTOM_REPO_URL" @@ -938,6 +934,7 @@ __fetch_url() { # DESCRIPTION: Retrieves a URL, verifies its content and writes it to standard output #---------------------------------------------------------------------------------------------------------------------- __fetch_verify() { + fetch_verify_url="$1" fetch_verify_sum="$2" fetch_verify_size="$3" @@ -959,6 +956,7 @@ __fetch_verify() { # DESCRIPTION: Checks if a URL exists #---------------------------------------------------------------------------------------------------------------------- __check_url_exists() { + _URL="$1" if curl --output /dev/null --silent --fail "${_URL}"; then return 0 @@ -1035,17 +1033,12 @@ __derive_debian_numeric_version() { INPUT_VERSION="$(cat /etc/debian_version)" fi if [ -z "$NUMERIC_VERSION" ]; then - if [ "$INPUT_VERSION" = "wheezy/sid" ]; then - # I've found an EC2 wheezy image which did not tell its version - NUMERIC_VERSION=$(__parse_version_string "7.0") - elif [ "$INPUT_VERSION" = "jessie/sid" ]; then - NUMERIC_VERSION=$(__parse_version_string "8.0") - elif [ "$INPUT_VERSION" = "stretch/sid" ]; then - NUMERIC_VERSION=$(__parse_version_string "9.0") - elif [ "$INPUT_VERSION" = "buster/sid" ]; then - NUMERIC_VERSION=$(__parse_version_string "10.0") - elif [ "$INPUT_VERSION" = "bullseye/sid" ]; then + if [ "$INPUT_VERSION" = "bullseye/sid" ]; then NUMERIC_VERSION=$(__parse_version_string "11.0") + elif [ "$INPUT_VERSION" = "bookworm/sid" ]; then + NUMERIC_VERSION=$(__parse_version_string "12.0") + elif [ "$INPUT_VERSION" = "trixie/sid" ]; then + NUMERIC_VERSION=$(__parse_version_string "13.0") else echowarn "Unable to parse the Debian Version (codename: '$INPUT_VERSION')" fi @@ -1129,6 +1122,7 @@ __gather_linux_system_info() { DISTRO_VERSION="" # Let's test if the lsb_release binary is available + # shellcheck disable=SC2327,SC2328 rv=$(lsb_release >/dev/null 2>&1) # shellcheck disable=SC2181 @@ -1186,7 +1180,7 @@ __gather_linux_system_info() { # We already have the distribution name and version return fi - # shellcheck disable=SC2035,SC2086 + # shellcheck disable=SC2035,SC2086,SC2269 for rsource in $(__sort_release_files "$( cd /etc && /bin/ls *[_-]release *[_-]version 2>/dev/null | env -i sort | \ sed -e '/^redhat-release$/d' -e '/^lsb-release$/d'; \ @@ -1288,127 +1282,6 @@ __gather_linux_system_info() { } -#--- FUNCTION ------------------------------------------------------------------------------------------------------- -# NAME: __install_python() -# DESCRIPTION: Install a different version of python on a host. Currently this has only been tested on CentOS 6 and -# is considered experimental. -#---------------------------------------------------------------------------------------------------------------------- -__install_python() { - if [ "$_PY_EXE" = "" ]; then - echoerror "Must specify -x with -y to install a specific python version" - exit 1 - fi - - __PACKAGES="$_PY_PKG_VER" - - if [ ${_DISABLE_REPOS} -eq ${BS_FALSE} ]; then - echoinfo "Attempting to install a repo to help provide a separate python package" - echoinfo "$DISTRO_NAME_L" - case "$DISTRO_NAME_L" in - "red_hat"|"centos") - __PYTHON_REPO_URL="https://repo.ius.io/ius-release-el${DISTRO_MAJOR_VERSION}.rpm" - ;; - *) - echoerror "Installing a repo to provide a python package is only supported on Redhat/CentOS. - If a repo is already available, please try running script with -r." - exit 1 - ;; - esac - - echoinfo "Installing IUS repo" - __yum_install_noinput "${__PYTHON_REPO_URL}" || return 1 - fi - - echoinfo "Installing ${__PACKAGES}" - __yum_install_noinput "${__PACKAGES}" || return 1 -} - - -#--- FUNCTION ------------------------------------------------------------------------------------------------------- -# NAME: __gather_sunos_system_info -# DESCRIPTION: Discover SunOS system info -#---------------------------------------------------------------------------------------------------------------------- -__gather_sunos_system_info() { - if [ -f /sbin/uname ]; then - DISTRO_VERSION=$(/sbin/uname -X | awk '/[kK][eE][rR][nN][eE][lL][iI][dD]/ { print $3 }') - fi - - DISTRO_NAME="" - if [ -f /etc/release ]; then - while read -r line; do - [ "${DISTRO_NAME}" != "" ] && break - case "$line" in - *OpenIndiana*oi_[0-9]*) - DISTRO_NAME="OpenIndiana" - DISTRO_VERSION=$(echo "$line" | sed -nE "s/OpenIndiana(.*)oi_([[:digit:]]+)(.*)/\\2/p") - break - ;; - *OpenSolaris*snv_[0-9]*) - DISTRO_NAME="OpenSolaris" - DISTRO_VERSION=$(echo "$line" | sed -nE "s/OpenSolaris(.*)snv_([[:digit:]]+)(.*)/\\2/p") - break - ;; - *Oracle*Solaris*[0-9]*) - DISTRO_NAME="Oracle Solaris" - DISTRO_VERSION=$(echo "$line" | sed -nE "s/(Oracle Solaris) ([[:digit:]]+)(.*)/\\2/p") - break - ;; - *Solaris*) - DISTRO_NAME="Solaris" - # Let's make sure we not actually on a Joyent's SmartOS VM since some releases - # don't have SmartOS in `/etc/release`, only `Solaris` - if uname -v | grep joyent >/dev/null 2>&1; then - DISTRO_NAME="SmartOS" - fi - break - ;; - *NexentaCore*) - DISTRO_NAME="Nexenta Core" - break - ;; - *SmartOS*) - DISTRO_NAME="SmartOS" - break - ;; - *OmniOS*) - DISTRO_NAME="OmniOS" - DISTRO_VERSION=$(echo "$line" | awk '{print $3}') - _SIMPLIFY_VERSION=$BS_FALSE - break - ;; - esac - done < /etc/release - fi - - if [ "${DISTRO_NAME}" = "" ]; then - DISTRO_NAME="Solaris" - DISTRO_VERSION=$( - echo "${OS_VERSION}" | - sed -e 's;^4\.;1.;' \ - -e 's;^5\.\([0-6]\)[^0-9]*$;2.\1;' \ - -e 's;^5\.\([0-9][0-9]*\).*;\1;' - ) - fi - - if [ "${DISTRO_NAME}" = "SmartOS" ]; then - VIRTUAL_TYPE="smartmachine" - if [ "$(zonename)" = "global" ]; then - VIRTUAL_TYPE="global" - fi - fi -} - - -#--- FUNCTION ------------------------------------------------------------------------------------------------------- -# NAME: __gather_bsd_system_info -# DESCRIPTION: Discover OpenBSD, NetBSD and FreeBSD systems information -#---------------------------------------------------------------------------------------------------------------------- -__gather_bsd_system_info() { - DISTRO_NAME=${OS_NAME} - DISTRO_VERSION=$(echo "${OS_VERSION}" | sed -e 's;[()];;' -e 's/-.*$//') -} - - #--- FUNCTION ------------------------------------------------------------------------------------------------------- # NAME: __gather_osx_system_info # DESCRIPTION: Discover MacOS X @@ -1428,12 +1301,6 @@ __gather_system_info() { linux ) __gather_linux_system_info ;; - sunos ) - __gather_sunos_system_info - ;; - openbsd|freebsd|netbsd ) - __gather_bsd_system_info - ;; darwin ) __gather_osx_system_info ;; @@ -1454,21 +1321,23 @@ __gather_system_info() { #---------------------------------------------------------------------------------------------------------------------- # shellcheck disable=SC2034 __ubuntu_derivatives_translation() { - UBUNTU_DERIVATIVES="(trisquel|linuxmint|linaro|elementary_os|neon|pop)" + UBUNTU_DERIVATIVES="(trisquel|linuxmint|elementary_os|pop|neon)" # Mappings - trisquel_6_ubuntu_base="12.04" - linuxmint_13_ubuntu_base="12.04" - linuxmint_17_ubuntu_base="14.04" - linuxmint_18_ubuntu_base="16.04" - linuxmint_19_ubuntu_base="18.04" - linuxmint_20_ubuntu_base="20.04" - linaro_12_ubuntu_base="12.04" - elementary_os_02_ubuntu_base="12.04" - neon_16_ubuntu_base="16.04" - neon_18_ubuntu_base="18.04" + trisquel_10_ubuntu_base="20.04" + trisquel_11_ubuntu_base="22.04" + trisquel_12_ubuntu_base="24.04" neon_20_ubuntu_base="20.04" neon_22_ubuntu_base="22.04" + neon_24_ubuntu_base="24.04" + linuxmint_20_ubuntu_base="20.04" + linuxmint_21_ubuntu_base="22.04" + linuxmint_22_ubuntu_base="24.04" + elementary_os_06_ubuntu_base="20.04" + elementary_os_07_ubuntu_base="22.04" + elementary_os_08_ubuntu_base="24.04" + pop_20_ubuntu_base="22.04" pop_22_ubuntu_base="22.04" + pop_24_ubuntu_base="24.04" # Translate Ubuntu derivatives to their base Ubuntu version match=$(echo "$DISTRO_NAME_L" | grep -E ${UBUNTU_DERIVATIVES}) @@ -1511,42 +1380,24 @@ __check_dpkg_architecture() { return 1 fi - __REPO_ARCH="$DPKG_ARCHITECTURE" - __REPO_ARCH_DEB='deb [signed-by=/usr/share/keyrings/salt-archive-keyring.gpg]' __return_code=0 case $DPKG_ARCHITECTURE in "i386") - error_msg="$_REPO_URL likely doesn't have all required 32-bit packages for $DISTRO_NAME $DISTRO_MAJOR_VERSION." + error_msg="$_REPO_URL likely doesn't have required 32-bit packages for $DISTRO_NAME $DISTRO_MAJOR_VERSION." # amd64 is just a part of repository URI, 32-bit pkgs are hosted under the same location - __REPO_ARCH="amd64" + __return_code=1 ;; "amd64") error_msg="" ;; "arm64") - if [ "$_CUSTOM_REPO_URL" != "null" ]; then - warn_msg="Support for arm64 is experimental, make sure the custom repository used has the expected structure and contents." - else - # Saltstack official repository has arm64 metadata beginning with Debian 11, - # use amd64 repositories on arm64 for anything older, since all pkgs are arch-independent - if [ "$DISTRO_NAME_L" = "debian" ] && [ "$DISTRO_MAJOR_VERSION" -lt 11 ]; then - __REPO_ARCH="amd64" - else - __REPO_ARCH="arm64" - fi - __REPO_ARCH_DEB="deb [signed-by=/usr/share/keyrings/salt-archive-keyring.gpg arch=$__REPO_ARCH]" - warn_msg="Support for arm64 packages is experimental and might rely on architecture-independent packages from the amd64 repository." - fi + # Saltstack official repository has full arm64 support since 3006 error_msg="" ;; "armhf") - if [ "$DISTRO_NAME_L" = "ubuntu" ] || [ "$DISTRO_MAJOR_VERSION" -lt 8 ]; then - error_msg="Support for armhf packages at $_REPO_URL is limited to Debian/Raspbian 8 platforms." - __return_code=1 - else - error_msg="" - fi + error_msg="$_REPO_URL doesn't have packages for your system architecture: $DPKG_ARCHITECTURE." + __return_code=1 ;; *) error_msg="$_REPO_URL doesn't have packages for your system architecture: $DPKG_ARCHITECTURE." @@ -1562,10 +1413,10 @@ __check_dpkg_architecture() { if [ "${error_msg}" != "" ]; then echoerror "${error_msg}" if [ "$ITYPE" != "git" ]; then - echoerror "You can try git installation mode, i.e.: sh ${__ScriptName} git v2017.7.2." + echoerror "You can try git installation mode, i.e.: sh ${__ScriptName} git v3006.6." echoerror "It may be necessary to use git installation mode with pip and disable the SaltStack apt repository." echoerror "For example:" - echoerror " sh ${__ScriptName} -r -P git v2017.7.2" + echoerror " sh ${__ScriptName} -r -P git v3006.6" fi fi @@ -1617,8 +1468,14 @@ __ubuntu_codename_translation() { "22") DISTRO_CODENAME="jammy" ;; + "23") + DISTRO_CODENAME="lunar" + ;; + "24") + DISTRO_CODENAME="noble" + ;; *) - DISTRO_CODENAME="trusty" + DISTRO_CODENAME="noble" ;; esac } @@ -1637,20 +1494,21 @@ __debian_derivatives_translation() { DEBIAN_DERIVATIVES="(cumulus|devuan|kali|linuxmint|raspbian|bunsenlabs|turnkey)" # Mappings - cumulus_2_debian_base="7.0" - cumulus_3_debian_base="8.0" - cumulus_4_debian_base="10.0" - devuan_1_debian_base="8.0" - devuan_2_debian_base="9.0" + cumulus_5_debian_base="11.0" + cumulus_6_debian_base="12.0" + devuan_4_debian_base="11.0" + devuan_5_debian_base="12.0" kali_1_debian_base="7.0" kali_2021_debian_base="10.0" - linuxmint_1_debian_base="8.0" - raspbian_8_debian_base="8.0" - raspbian_9_debian_base="9.0" - raspbian_10_debian_base="10.0" + linuxmint_4_debian_base="11.0" + linuxmint_5_debian_base="12.0" raspbian_11_debian_base="11.0" + raspbian_12_debian_base="12.0" bunsenlabs_9_debian_base="9.0" - turnkey_9_debian_base="9.0" + bunsenlabs_11_debian_base="11.0" + bunsenlabs_12_debian_base="12.0" + turnkey_11_debian_base="11.0" + turnkey_12_debian_base="12.0" # Translate Debian derivatives to their base Debian version match=$(echo "$DISTRO_NAME_L" | grep -E ${DEBIAN_DERIVATIVES}) @@ -1718,14 +1576,9 @@ __debian_codename_translation() { ;; "12") DISTRO_CODENAME="bookworm" - # FIXME - TEMPORARY - # use bullseye packages until bookworm packages are available - DISTRO_CODENAME="bullseye" - DISTRO_MAJOR_VERSION=11 - rv=11 ;; *) - DISTRO_CODENAME="stretch" + DISTRO_CODENAME="bookworm" ;; esac } @@ -1738,8 +1591,8 @@ __debian_codename_translation() { __check_end_of_life_versions() { case "${DISTRO_NAME_L}" in debian) - # Debian versions below 9 are not supported - if [ "$DISTRO_MAJOR_VERSION" -lt 9 ]; then + # Debian versions below 11 are not supported + if [ "$DISTRO_MAJOR_VERSION" -lt 11 ]; then echoerror "End of life distributions are not supported." echoerror "Please consider upgrading to the next stable. See:" echoerror " https://wiki.debian.org/DebianReleases" @@ -1750,18 +1603,18 @@ __check_end_of_life_versions() { ubuntu) # Ubuntu versions not supported # - # < 16.04 - # = 16.10 - # = 17.04, 17.10 - # = 18.10 - # = 19.04, 19.10 + # < 20.04 # = 20.10 - if [ "$DISTRO_MAJOR_VERSION" -lt 16 ] || \ - [ "$DISTRO_MAJOR_VERSION" -eq 17 ] || \ - [ "$DISTRO_MAJOR_VERSION" -eq 19 ] || \ - { [ "$DISTRO_MAJOR_VERSION" -eq 16 ] && [ "$DISTRO_MINOR_VERSION" -eq 10 ]; } || \ - { [ "$DISTRO_MAJOR_VERSION" -eq 18 ] && [ "$DISTRO_MINOR_VERSION" -eq 10 ]; } || \ - { [ "$DISTRO_MAJOR_VERSION" -eq 20 ] && [ "$DISTRO_MINOR_VERSION" -eq 10 ]; }; then + # = 21.04, 21.10 + # = 22.10 + # = 23.04, 23.10 + if [ "$DISTRO_MAJOR_VERSION" -lt 20 ] || \ + { [ "$DISTRO_MAJOR_VERSION" -eq 20 ] && [ "$DISTRO_MINOR_VERSION" -eq 10 ]; } || \ + { [ "$DISTRO_MAJOR_VERSION" -eq 21 ] && [ "$DISTRO_MINOR_VERSION" -eq 04 ]; } || \ + { [ "$DISTRO_MAJOR_VERSION" -eq 21 ] && [ "$DISTRO_MINOR_VERSION" -eq 10 ]; } || \ + { [ "$DISTRO_MAJOR_VERSION" -eq 22 ] && [ "$DISTRO_MINOR_VERSION" -eq 10 ]; } || \ + { [ "$DISTRO_MAJOR_VERSION" -eq 23 ] && [ "$DISTRO_MINOR_VERSION" -eq 04 ]; } || \ + { [ "$DISTRO_MAJOR_VERSION" -eq 23 ] && [ "$DISTRO_MINOR_VERSION" -eq 10 ]; }; then echoerror "End of life distributions are not supported." echoerror "Please consider upgrading to the next stable. See:" echoerror " https://wiki.ubuntu.com/Releases" @@ -1805,8 +1658,8 @@ __check_end_of_life_versions() { ;; fedora) - # Fedora lower than 33 are no longer supported - if [ "$DISTRO_MAJOR_VERSION" -lt 33 ]; then + # Fedora lower than 38 are no longer supported + if [ "$DISTRO_MAJOR_VERSION" -lt 39 ]; then echoerror "End of life distributions are not supported." echoerror "Please consider upgrading to the next stable. See:" echoerror " https://fedoraproject.org/wiki/Releases" @@ -1815,8 +1668,8 @@ __check_end_of_life_versions() { ;; centos) - # CentOS versions lower than 7 are no longer supported - if [ "$DISTRO_MAJOR_VERSION" -lt 7 ]; then + # CentOS versions lower than 8 are no longer supported + if [ "$DISTRO_MAJOR_VERSION" -lt 8 ]; then echoerror "End of life distributions are not supported." echoerror "Please consider upgrading to the next stable. See:" echoerror " http://wiki.centos.org/Download" @@ -1825,8 +1678,8 @@ __check_end_of_life_versions() { ;; red_hat*linux) - # Red Hat (Enterprise) Linux versions lower than 7 are no longer supported - if [ "$DISTRO_MAJOR_VERSION" -lt 7 ]; then + # Red Hat (Enterprise) Linux versions lower than 8 are no longer supported + if [ "$DISTRO_MAJOR_VERSION" -lt 8 ]; then echoerror "End of life distributions are not supported." echoerror "Please consider upgrading to the next stable. See:" echoerror " https://access.redhat.com/support/policy/updates/errata/" @@ -1835,8 +1688,8 @@ __check_end_of_life_versions() { ;; oracle*linux) - # Oracle Linux versions lower than 7 are no longer supported - if [ "$DISTRO_MAJOR_VERSION" -lt 7 ]; then + # Oracle Linux versions lower than 8 are no longer supported + if [ "$DISTRO_MAJOR_VERSION" -lt 8 ]; then echoerror "End of life distributions are not supported." echoerror "Please consider upgrading to the next stable. See:" echoerror " http://www.oracle.com/us/support/library/elsp-lifetime-069338.pdf" @@ -1845,8 +1698,8 @@ __check_end_of_life_versions() { ;; scientific*linux) - # Scientific Linux versions lower than 7 are no longer supported - if [ "$DISTRO_MAJOR_VERSION" -lt 7 ]; then + # Scientific Linux versions lower than 8 are no longer supported + if [ "$DISTRO_MAJOR_VERSION" -lt 8 ]; then echoerror "End of life distributions are not supported." echoerror "Please consider upgrading to the next stable. See:" echoerror " https://www.scientificlinux.org/downloads/sl-versions/" @@ -1855,8 +1708,8 @@ __check_end_of_life_versions() { ;; cloud*linux) - # Cloud Linux versions lower than 7 are no longer supported - if [ "$DISTRO_MAJOR_VERSION" -lt 7 ]; then + # Cloud Linux versions lower than 8 are no longer supported + if [ "$DISTRO_MAJOR_VERSION" -lt 8 ]; then echoerror "End of life distributions are not supported." echoerror "Please consider upgrading to the next stable. See:" echoerror " https://docs.cloudlinux.com/index.html?cloudlinux_life-cycle.html" @@ -1875,20 +1728,11 @@ __check_end_of_life_versions() { fi ;; - freebsd) - # FreeBSD versions lower than 11 are EOL - if [ "$DISTRO_MAJOR_VERSION" -lt 11 ]; then - echoerror "Versions lower than FreeBSD 11 are EOL and no longer supported." - exit 1 - fi - ;; - *) ;; esac } - __gather_system_info echo @@ -1963,8 +1807,16 @@ if [ "$_INSTALL_SYNDIC" -eq $BS_TRUE ]; then fi fi +if [ "$_INSTALL_SALT_API" -eq $BS_TRUE ]; then + if [ "$_CONFIG_ONLY" -eq $BS_FALSE ]; then + echoinfo "Installing salt api" + else + echoinfo "Configuring salt api" + fi +fi + if [ "$_INSTALL_CLOUD" -eq $BS_TRUE ] && [ "$_CONFIG_ONLY" -eq $BS_FALSE ]; then - echoinfo "Installing salt-cloud and required python-libcloud package" + echoinfo "Installing salt-cloud and required python3-libcloud package" fi if [ $_START_DAEMONS -eq $BS_FALSE ]; then @@ -2008,16 +1860,14 @@ fi if [ "$ITYPE" = "git" ]; then if [ "${GIT_REV}" = "master" ]; then - _POST_NEON_INSTALL=$BS_TRUE __TAG_REGEX_MATCH="MATCH" else case ${OS_NAME_L} in - openbsd|freebsd|netbsd|darwin ) + darwin ) __NEW_VS_TAG_REGEX_MATCH=$(echo "${GIT_REV}" | sed -E 's/^(v?3[0-9]{3}(\.[0-9]{1,2})?).*$/MATCH/') if [ "$__NEW_VS_TAG_REGEX_MATCH" = "MATCH" ]; then - _POST_NEON_INSTALL=$BS_TRUE __TAG_REGEX_MATCH="${__NEW_VS_TAG_REGEX_MATCH}" - echodebug "Post Neon Tag Regex Match On: ${GIT_REV}" + echodebug "Tag Regex Match On: ${GIT_REV}" else __TAG_REGEX_MATCH=$(echo "${GIT_REV}" | sed -E 's/^(v?[0-9]{1,4}\.[0-9]{1,2})(\.[0-9]{1,2})?.*$/MATCH/') echodebug "Pre Neon Tag Regex Match On: ${GIT_REV}" @@ -2026,9 +1876,8 @@ if [ "$ITYPE" = "git" ]; then * ) __NEW_VS_TAG_REGEX_MATCH=$(echo "${GIT_REV}" | sed 's/^.*\(v\?3[[:digit:]]\{3\}\(\.[[:digit:]]\{1,2\}\)\?\).*$/MATCH/') if [ "$__NEW_VS_TAG_REGEX_MATCH" = "MATCH" ]; then - _POST_NEON_INSTALL=$BS_TRUE __TAG_REGEX_MATCH="${__NEW_VS_TAG_REGEX_MATCH}" - echodebug "Post Neon Tag Regex Match On: ${GIT_REV}" + echodebug "Tag Regex Match On: ${GIT_REV}" else __TAG_REGEX_MATCH=$(echo "${GIT_REV}" | sed 's/^.*\(v\?[[:digit:]]\{1,4\}\.[[:digit:]]\{1,2\}\)\(\.[[:digit:]]\{1,2\}\)\?.*$/MATCH/') echodebug "Pre Neon Tag Regex Match On: ${GIT_REV}" @@ -2037,18 +1886,16 @@ if [ "$ITYPE" = "git" ]; then esac fi - if [ "$_POST_NEON_INSTALL" -eq $BS_TRUE ]; then - echo - echowarn "Post Neon git based installations will always install salt" - echowarn "and its dependencies using pip which will be upgraded to" - echowarn "at least v${_MINIMUM_PIP_VERSION}, and, in case the setuptools version is also" - echowarn "too old, it will be upgraded to at least v${_MINIMUM_SETUPTOOLS_VERSION}" - echo - echowarn "You have 10 seconds to cancel and stop the bootstrap process..." - echo - sleep 10 - _PIP_ALLOWED=$BS_TRUE - fi + echo + echowarn "git based installations will always install salt" + echowarn "and its dependencies using pip which will be upgraded to" + echowarn "at least v${_MINIMUM_PIP_VERSION}, and, in case the setuptools version is also" + echowarn "too old, it will be upgraded to at least v${_MINIMUM_SETUPTOOLS_VERSION} and less than v${_MAXIMUM_SETUPTOOLS_VERSION}" + echo + echowarn "You have 10 seconds to cancel and stop the bootstrap process..." + echo + sleep 10 + _PIP_ALLOWED=$BS_TRUE fi @@ -2080,12 +1927,17 @@ __wait_for_apt(){ # Timeout set at 15 minutes WAIT_TIMEOUT=900 + ## see if sync'ing the clocks helps + if [ -f /usr/sbin/hwclock ]; then + /usr/sbin/hwclock -s + fi + # Run our passed in apt command "${@}" 2>"$APT_ERR" APT_RETURN=$? # Make sure we're not waiting on a lock - while [ $APT_RETURN -ne 0 ] && grep -q '^E: Could not get lock' "$APT_ERR"; do + while [ "$APT_RETURN" -ne 0 ] && grep -q '^E: Could not get lock' "$APT_ERR"; do echoinfo "Aware of the lock. Patiently waiting $WAIT_TIMEOUT more seconds..." sleep 1 WAIT_TIMEOUT=$((WAIT_TIMEOUT - 1)) @@ -2109,6 +1961,7 @@ __wait_for_apt(){ # PARAMETERS: packages #---------------------------------------------------------------------------------------------------------------------- __apt_get_install_noinput() { + __wait_for_apt apt-get install -y -o DPkg::Options::=--force-confold "${@}"; return $? } # ---------- end of function __apt_get_install_noinput ---------- @@ -2118,6 +1971,7 @@ __apt_get_install_noinput() { # DESCRIPTION: (DRY) apt-get upgrade with noinput options #---------------------------------------------------------------------------------------------------------------------- __apt_get_upgrade_noinput() { + __wait_for_apt apt-get upgrade -y -o DPkg::Options::=--force-confold; return $? } # ---------- end of function __apt_get_upgrade_noinput ---------- @@ -2148,12 +2002,14 @@ __temp_gpg_pub() { # PARAMETERS: url #---------------------------------------------------------------------------------------------------------------------- __apt_key_fetch() { + + url=$1 tempfile="$(__temp_gpg_pub)" - __fetch_url "$tempfile" "$url" || return 1 - cp -f "$tempfile" /usr/share/keyrings/salt-archive-keyring.gpg && chmod 644 /usr/share/keyrings/salt-archive-keyring.gpg || return 1 + mkdir -p /etc/apt/keyrings + cp -f "$tempfile" /etc/apt/keyrings/salt-archive-keyring.pgp && chmod 644 /etc/apt/keyrings/salt-archive-keyring.pgp || return 1 rm -f "$tempfile" return 0 @@ -2166,6 +2022,7 @@ __apt_key_fetch() { # PARAMETERS: url #---------------------------------------------------------------------------------------------------------------------- __rpm_import_gpg() { + url=$1 tempfile="$(__temp_gpg_pub)" @@ -2290,10 +2147,15 @@ __git_clone_and_checkout() { if [ "$(git clone 2>&1 | grep 'single-branch')" != "" ]; then # The "--single-branch" option is supported, attempt shallow cloning echoinfo "Attempting to shallow clone $GIT_REV from Salt's repository ${_SALT_REPO_URL}" - if git clone --depth 1 --branch "$GIT_REV" "$_SALT_REPO_URL" "$__SALT_CHECKOUT_REPONAME"; then + ## Shallow cloning is resulting in the wrong version of Salt, even with a depth of 5 + ## getting 3007.0+0na.246d066 when it should be 3007.1+410.g246d066457, disabling for now + ## if git clone --depth 1 --branch "$GIT_REV" "$_SALT_REPO_URL" "$__SALT_CHECKOUT_REPONAME"; then + echodebug "git command, git clone --branch $GIT_REV $_SALT_REPO_URL $__SALT_CHECKOUT_REPONAME" + if git clone --branch "$GIT_REV" "$_SALT_REPO_URL" "$__SALT_CHECKOUT_REPONAME"; then # shellcheck disable=SC2164 cd "${_SALT_GIT_CHECKOUT_DIR}" __SHALLOW_CLONE=$BS_TRUE + echoinfo "shallow path (disabled shallow) git cloned $GIT_REV, version $(python3 salt/version.py)" else # Shallow clone above failed(missing upstream tags???), let's resume the old behaviour. echowarn "Failed to shallow clone." @@ -2307,10 +2169,13 @@ __git_clone_and_checkout() { fi if [ "$__SHALLOW_CLONE" -eq $BS_FALSE ]; then + echodebug "shallow clone false, BS_FALSE $BS_FALSE, git clone $_SALT_REPO_URL $__SALT_CHECKOUT_REPONAME" git clone "$_SALT_REPO_URL" "$__SALT_CHECKOUT_REPONAME" || return 1 # shellcheck disable=SC2164 cd "${_SALT_GIT_CHECKOUT_DIR}" + echoinfo "git cloned $GIT_REV, version $(python3 salt/version.py)" + if ! echo "$_SALT_REPO_URL" | grep -q -F -w "${_SALTSTACK_REPO_URL#*://}"; then # We need to add the saltstack repository as a remote and fetch tags for proper versioning echoinfo "Adding SaltStack's Salt repository as a remote" @@ -2403,7 +2268,7 @@ __movefile() { exit 1 fi - if [ $_KEEP_TEMP_FILES -eq $BS_TRUE ]; then + if [ "$_KEEP_TEMP_FILES" -eq $BS_TRUE ]; then # We're being told not to move files, instead copy them so we can keep # them around echodebug "Since BS_KEEP_TEMP_FILES=1 we're copying files instead of moving them" @@ -2520,14 +2385,17 @@ __overwriteconfig() { if [ -n "$_PY_EXE" ]; then good_python="$_PY_EXE" # If python does not have yaml installed we're on Arch and should use python2 + # but no more support, hence error out elif python -c "import yaml" 2> /dev/null; then - good_python=python + good_python=python # assume python is python 3 on Arch else - good_python=python2 + ## good_python=python2 + echoerror "Python 2 is no longer supported, only Python 3" + return 1 fi # Convert json string to a yaml string and write it to config file. Output is dumped into tempfile. - "$good_python" -c "import json; import yaml; jsn=json.loads('$json'); yml=yaml.safe_dump(jsn, line_break='\\n', default_flow_style=False); config_file=open('$target', 'w'); config_file.write(yml); config_file.close();" 2>$tempfile + "$good_python" -c "import json; import yaml; jsn=json.loads('$json'); yml=yaml.safe_dump(jsn, line_break='\\n', default_flow_style=False, sort_keys=False); config_file=open('$target', 'w'); config_file.write(yml); config_file.close();" 2>"$tempfile" # No python errors output to the tempfile if [ ! -s "$tempfile" ]; then @@ -2552,6 +2420,7 @@ __overwriteconfig() { # PARAMETERS: servicename #---------------------------------------------------------------------------------------------------------------------- __check_services_systemd() { + if [ $# -eq 0 ]; then echoerror "You need to pass a service name to check!" exit 1 @@ -2559,6 +2428,21 @@ __check_services_systemd() { echoerror "You need to pass a service name to check as the single argument to the function" fi + # check if systemd is functional, having systemctl present is insufficient + + if [ "$_SYSTEMD_FUNCTIONAL" -eq $BS_FALSE ]; then + # already determined systemd is not functional, default is 1 + return 1 + fi + + _SYSTEMD_ACTIVE=$(/bin/systemctl daemon-reload 2>&1 | grep 'System has not been booted with systemd') + echodebug "__check_services_systemd _SYSTEMD_ACTIVE result ,$_SYSTEMD_ACTIVE," + if [ "$_SYSTEMD_ACTIVE" != "" ]; then + _SYSTEMD_FUNCTIONAL=$BS_FALSE + echodebug "systemd is not functional, despite systemctl being present, setting _SYSTEMD_FUNCTIONAL false, $_SYSTEMD_FUNCTIONAL" + return 1 + fi + servicename=$1 echodebug "Checking if service ${servicename} is enabled" @@ -2578,6 +2462,7 @@ __check_services_systemd() { # PARAMETERS: servicename #---------------------------------------------------------------------------------------------------------------------- __check_services_upstart() { + if [ $# -eq 0 ]; then echoerror "You need to pass a service name to check!" exit 1 @@ -2605,6 +2490,7 @@ __check_services_upstart() { # PARAMETERS: servicename #---------------------------------------------------------------------------------------------------------------------- __check_services_sysvinit() { + if [ $# -eq 0 ]; then echoerror "You need to pass a service name to check!" exit 1 @@ -2631,6 +2517,7 @@ __check_services_sysvinit() { # PARAMETERS: servicename #---------------------------------------------------------------------------------------------------------------------- __check_services_debian() { + if [ $# -eq 0 ]; then echoerror "You need to pass a service name to check!" exit 1 @@ -2652,38 +2539,13 @@ __check_services_debian() { } # ---------- end of function __check_services_debian ---------- -#--- FUNCTION ------------------------------------------------------------------------------------------------------- -# NAME: __check_services_openbsd -# DESCRIPTION: Return 0 or 1 in case the service is enabled or not -# PARAMETERS: servicename -#---------------------------------------------------------------------------------------------------------------------- -__check_services_openbsd() { - if [ $# -eq 0 ]; then - echoerror "You need to pass a service name to check!" - exit 1 - elif [ $# -ne 1 ]; then - echoerror "You need to pass a service name to check as the single argument to the function" - fi - - servicename=$1 - echodebug "Checking if service ${servicename} is enabled" - - # shellcheck disable=SC2086,SC2046,SC2144 - if rcctl get ${servicename} status; then - echodebug "Service ${servicename} is enabled" - return 0 - else - echodebug "Service ${servicename} is NOT enabled" - return 1 - fi -} # ---------- end of function __check_services_openbsd ---------- - #--- FUNCTION ------------------------------------------------------------------------------------------------------- # NAME: __check_services_openrc # DESCRIPTION: Return 0 or 1 in case the service is enabled or not # PARAMETERS: servicename #---------------------------------------------------------------------------------------------------------------------- __check_services_openrc() { + if [ $# -eq 0 ]; then echoerror "You need to pass a service name to check!" exit 1 @@ -2710,9 +2572,10 @@ __check_services_openrc() { # DESCRIPTION: Return 0 or 1 depending on successful creation of virtualenv #---------------------------------------------------------------------------------------------------------------------- __create_virtualenv() { + if [ ! -d "$_VIRTUALENV_DIR" ]; then echoinfo "Creating virtualenv ${_VIRTUALENV_DIR}" - if [ $_PIP_ALL -eq $BS_TRUE ]; then + if [ "$_PIP_ALL" -eq $BS_TRUE ]; then virtualenv --no-site-packages "${_VIRTUALENV_DIR}" || return 1 else virtualenv --system-site-packages "${_VIRTUALENV_DIR}" || return 1 @@ -2727,6 +2590,7 @@ __create_virtualenv() { # DESCRIPTION: Return 0 or 1 depending on successful activation of virtualenv #---------------------------------------------------------------------------------------------------------------------- __activate_virtualenv() { + set +o nounset # Is virtualenv empty if [ -z "$_VIRTUALENV_DIR" ]; then @@ -2753,7 +2617,7 @@ __install_pip_pkgs() { _pip_cmd="${_py_exe} -m pip" if [ "${_py_exe}" = "" ]; then - _py_exe='python' + _py_exe='python3' fi __check_pip_allowed @@ -2781,17 +2645,6 @@ __install_pip_pkgs() { ${_pip_cmd} install ${_pip_pkgs} || return 1 } -#--- FUNCTION ------------------------------------------------------------------------------------------------------- -# NAME: __install_tornado_pip -# PARAMETERS: python executable -# DESCRIPTION: Return 0 or 1 if successfully able to install tornado<5.0 -#---------------------------------------------------------------------------------------------------------------------- -__install_tornado_pip() { - # OS needs tornado <5.0 from pip - __check_pip_allowed "You need to allow pip based installations (-P) for Tornado <5.0 in order to install Salt on Python 3" - ## install pip if its not installed and install tornado - __install_pip_pkgs "tornado<5.0" "${1}" || return 1 -} #--- FUNCTION ------------------------------------------------------------------------------------------------------- # NAME: __install_pip_deps @@ -2829,19 +2682,20 @@ __install_pip_deps() { } # ---------- end of function __install_pip_deps ---------- #--- FUNCTION ------------------------------------------------------------------------------------------------------- -# NAME: __install_salt_from_repo_post_neon +# NAME: __install_salt_from_repo # DESCRIPTION: Return 0 or 1 if successfully able to install. Can provide a different python version to # install pip packages with. If $py_exe is not specified it will use the default python version. # PARAMETERS: py_exe #---------------------------------------------------------------------------------------------------------------------- -__install_salt_from_repo_post_neon() { +__install_salt_from_repo() { + _py_exe="$1" if [ "${_py_exe}" = "" ]; then - _py_exe='python' + _py_exe="python3" fi - echodebug "__install_salt_from_repo_post_neon py_exe=$_py_exe" + echodebug "__install_salt_from_repo py_exe=$_py_exe" _py_version=$(${_py_exe} -c "import sys; print('{0}.{1}'.format(*sys.version_info))") _pip_cmd="pip${_py_version}" @@ -2879,14 +2733,9 @@ except ImportError: EOM ) if ! ${_py_exe} -c "$CHECK_PIP_VERSION_SCRIPT"; then - # Upgrade pip to at least 1.2 which is when we can start using "python -m pip" - if [ "${_py_version}" = "3.5" ]; then - echodebug "Running '${_pip_cmd} install ${_POST_NEON_PIP_INSTALL_ARGS} pip>=${_MINIMUM_PIP_VERSION},<21.0'" - ${_pip_cmd} install ${_POST_NEON_PIP_INSTALL_ARGS} -v "pip>=${_MINIMUM_PIP_VERSION},<21.0" - else - echodebug "Running '${_pip_cmd} install ${_POST_NEON_PIP_INSTALL_ARGS} pip>=${_MINIMUM_PIP_VERSION}'" - ${_pip_cmd} install ${_POST_NEON_PIP_INSTALL_ARGS} -v "pip>=${_MINIMUM_PIP_VERSION}" - fi + # Upgrade pip to at least 1.2 which is when we can start using "python3 -m pip" + echodebug "Running '${_pip_cmd} install ${_PIP_INSTALL_ARGS} pip>=${_MINIMUM_PIP_VERSION}'" + ${_pip_cmd} install ${_PIP_INSTALL_ARGS} -v "pip>=${_MINIMUM_PIP_VERSION}" sleep 1 echodebug "PATH: ${PATH}" _pip_cmd="pip${_py_version}" @@ -2905,26 +2754,43 @@ EOM echodebug "Installed pip version: $(${_pip_cmd} --version)" fi - _setuptools_dep="setuptools>=${_MINIMUM_SETUPTOOLS_VERSION}" - if [ "$_PY_MAJOR_VERSION" -eq 2 ]; then - # We also lock setuptools to <45 which is the latest release to support both py2 and py3 - _setuptools_dep="${_setuptools_dep},<45" + _setuptools_dep="setuptools>=${_MINIMUM_SETUPTOOLS_VERSION},<${_MAXIMUM_SETUPTOOLS_VERSION}" + if [ "$_PY_MAJOR_VERSION" -ne 3 ]; then + echoerror "Python version is no longer supported, only Python 3" + return 1 fi - echodebug "Running '${_pip_cmd} install wheel ${_setuptools_dep}'" - ${_pip_cmd} install --upgrade ${_POST_NEON_PIP_INSTALL_ARGS} wheel "${_setuptools_dep}" + _USE_BREAK_SYSTEM_PACKAGES="" + # shellcheck disable=SC2086,SC2090 + if { [ ${DISTRO_NAME_L} = "ubuntu" ] && [ "$DISTRO_MAJOR_VERSION" -ge 24 ]; } || \ + [ ${DISTRO_NAME_L} = "debian" ] && [ "$DISTRO_MAJOR_VERSION" -ge 12 ]; then + _USE_BREAK_SYSTEM_PACKAGES="--break-system-packages" + echodebug "OS is greater than / equal Debian 12 or Ubuntu 24.04, using ${_USE_BREAK_SYSTEM_PACKAGES}" + fi - echoinfo "Installing salt using ${_py_exe}" + echodebug "Running '${_pip_cmd} install ${_USE_BREAK_SYSTEM_PACKAGES} --upgrade ${_PIP_INSTALL_ARGS} wheel ${_setuptools_dep}" + ${_pip_cmd} install ${_USE_BREAK_SYSTEM_PACKAGES} --upgrade ${_PIP_INSTALL_ARGS} wheel "${_setuptools_dep}" + + echoinfo "Installing salt using ${_py_exe}, $(${_py_exe} --version)" cd "${_SALT_GIT_CHECKOUT_DIR}" || return 1 - mkdir /tmp/git/deps + mkdir -p /tmp/git/deps + echodebug "Created directory /tmp/git/deps" + echodebug "Installing Salt dependencies for Salt version $(python3 salt/version.py)" + + if [ ${DISTRO_NAME_L} = "ubuntu" ] && [ "$DISTRO_MAJOR_VERSION" -eq 22 ]; then + echodebug "Ubuntu 22.04 has problem with base.txt requirements file, not parsing sys_platform == 'win32', upgrading from default pip works" + echodebug "${_pip_cmd} install ${_USE_BREAK_SYSTEM_PACKAGES} --upgrade pip" + ${_pip_cmd} install ${_USE_BREAK_SYSTEM_PACKAGES} --upgrade pip || (echo "Failed to upgrade pip" && return 1) + fi + echoinfo "Downloading Salt Dependencies from PyPi" echodebug "Running '${_pip_cmd} download -d /tmp/git/deps ${_PIP_DOWNLOAD_ARGS} .'" ${_pip_cmd} download -d /tmp/git/deps ${_PIP_DOWNLOAD_ARGS} . || (echo "Failed to download salt dependencies" && return 1) echoinfo "Installing Downloaded Salt Dependencies" - echodebug "Running '${_pip_cmd} install --ignore-installed ${_POST_NEON_PIP_INSTALL_ARGS} /tmp/git/deps/*'" - ${_pip_cmd} install --ignore-installed ${_POST_NEON_PIP_INSTALL_ARGS} /tmp/git/deps/* || return 1 + echodebug "Running '${_pip_cmd} install ${_USE_BREAK_SYSTEM_PACKAGES} --ignore-installed ${_PIP_INSTALL_ARGS} /tmp/git/deps/*'" + ${_pip_cmd} install ${_USE_BREAK_SYSTEM_PACKAGES} --ignore-installed ${_PIP_INSTALL_ARGS} /tmp/git/deps/* || return 1 rm -f /tmp/git/deps/* echoinfo "Building Salt Python Wheel" @@ -2934,16 +2800,27 @@ EOM fi echodebug "Running '${_py_exe} setup.py --salt-config-dir=$_SALT_ETC_DIR --salt-cache-dir=${_SALT_CACHE_DIR} ${SETUP_PY_INSTALL_ARGS} bdist_wheel'" - ${_py_exe} setup.py --salt-config-dir="$_SALT_ETC_DIR" --salt-cache-dir="${_SALT_CACHE_DIR}" ${SETUP_PY_INSTALL_ARGS} bdist_wheel || return 1 + ${_py_exe} setup.py --salt-config-dir="$_SALT_ETC_DIR" --salt-cache-dir="${_SALT_CACHE_DIR} ${SETUP_PY_INSTALL_ARGS}" bdist_wheel || return 1 mv dist/salt*.whl /tmp/git/deps/ || return 1 cd "${__SALT_GIT_CHECKOUT_PARENT_DIR}" || return 1 echoinfo "Installing Built Salt Wheel" - ${_pip_cmd} uninstall --yes salt 2>/dev/null || true - echodebug "Running '${_pip_cmd} install --no-deps --force-reinstall ${_POST_NEON_PIP_INSTALL_ARGS} /tmp/git/deps/salt*.whl'" - ${_pip_cmd} install --no-deps --force-reinstall \ - ${_POST_NEON_PIP_INSTALL_ARGS} \ + ${_pip_cmd} uninstall --yes ${_USE_BREAK_SYSTEM_PACKAGES} salt 2>/dev/null || true + + # Hack for getting current Arch working with git-master + if [ "${DISTRO_NAME}" = "Arch Linux" ]; then + _arch_dep="cryptography==42.0.7" # debug matching current Arch version of python-cryptography + echodebug "Running '${_pip_cmd} install --force-reinstall --break-system-packages ${_arch_dep}'" + ${_pip_cmd} install --force-reinstall --break-system-packages "${_arch_dep}" + fi + + echodebug "Running '${_pip_cmd} install ${_USE_BREAK_SYSTEM_PACKAGES} --no-deps --force-reinstall ${_PIP_INSTALL_ARGS} /tmp/git/deps/salt*.whl'" + + echodebug "Running ${_pip_cmd} install ${_USE_BREAK_SYSTEM_PACKAGES} --no-deps --force-reinstall ${_PIP_INSTALL_ARGS} --global-option=--salt-config-dir=$_SALT_ETC_DIR --salt-cache-dir=${_SALT_CACHE_DIR} ${SETUP_PY_INSTALL_ARGS} /tmp/git/deps/salt*.whl" + + ${_pip_cmd} install ${_USE_BREAK_SYSTEM_PACKAGES} --no-deps --force-reinstall \ + ${_PIP_INSTALL_ARGS} \ --global-option="--salt-config-dir=$_SALT_ETC_DIR --salt-cache-dir=${_SALT_CACHE_DIR} ${SETUP_PY_INSTALL_ARGS}" \ /tmp/git/deps/salt*.whl || return 1 @@ -2966,21 +2843,16 @@ EOM return 1 fi return 0 -} # ---------- end of function __install_salt_from_repo_post_neon ---------- +} # ---------- end of function __install_salt_from_repo ---------- -if [ "${_POST_NEON_INSTALL}" -eq $BS_FALSE ]; then - if [ "x${_PY_MAJOR_VERSION}" = "x" ]; then - # Default to python 2 for pre Neon installs - _PY_MAJOR_VERSION=2 - fi -else - if [ "x${_PY_MAJOR_VERSION}" = "x" ]; then - # Default to python 3 for post Neon install - _PY_MAJOR_VERSION=3 - fi +# shellcheck disable=SC2268 +if [ "x${_PY_MAJOR_VERSION}" = "x" ]; then + # Default to python 3 for install + _PY_MAJOR_VERSION=3 fi + ####################################################################################################################### # # Distribution install functions @@ -3064,6 +2936,7 @@ fi # Ubuntu Install Functions # __enable_universe_repository() { + if [ "$(grep -R universe /etc/apt/sources.list /etc/apt/sources.list.d/ | grep -v '#')" != "" ]; then # The universe repository is already enabled return 0 @@ -3078,15 +2951,13 @@ __enable_universe_repository() { __install_saltstack_ubuntu_repository() { # Workaround for latest non-LTS Ubuntu + echodebug "__install_saltstack_ubuntu_repository() entry" + if { [ "$DISTRO_MAJOR_VERSION" -eq 20 ] && [ "$DISTRO_MINOR_VERSION" -eq 10 ]; } || \ - # remove 22 version when salt packages for 22.04 are available - [ "$DISTRO_MAJOR_VERSION" -eq 21 ] || [ "$DISTRO_MAJOR_VERSION" -eq 22 ]; then + { [ "$DISTRO_MAJOR_VERSION" -eq 22 ] && [ "$DISTRO_MINOR_VERSION" -eq 10 ]; } || \ + { [ "$DISTRO_MAJOR_VERSION" -eq 24 ] && [ "$DISTRO_MINOR_VERSION" -eq 10 ]; } || \ + [ "$DISTRO_MAJOR_VERSION" -eq 21 ] || [ "$DISTRO_MAJOR_VERSION" -eq 23 ] || [ "$DISTRO_MAJOR_VERSION" -eq 25 ]; then echowarn "Non-LTS Ubuntu detected, but stable packages requested. Trying packages for previous LTS release. You may experience problems." - UBUNTU_VERSION=20.04 - UBUNTU_CODENAME="focal" - else - UBUNTU_VERSION=${DISTRO_VERSION} - UBUNTU_CODENAME=${DISTRO_CODENAME} fi # Install downloader backend for GPG keys fetching @@ -3102,33 +2973,48 @@ __install_saltstack_ubuntu_repository() { __PACKAGES="${__PACKAGES} apt-transport-https ca-certificates" fi + ## include hwclock if not part of base OS (23.10 and up) + if [ ! -f /usr/sbin/hwclock ]; then + __PACKAGES="${__PACKAGES} util-linux-extra" + fi + # shellcheck disable=SC2086,SC2090 __apt_get_install_noinput ${__PACKAGES} || return 1 - __PY_VERSION_REPO="apt" - if [ -n "$_PY_EXE" ] && [ "$_PY_MAJOR_VERSION" -eq 3 ]; then - __PY_VERSION_REPO="py3" + if [ -n "$_PY_EXE" ] && [ "$_PY_MAJOR_VERSION" -ne 3 ]; then + echoerror "Python version is not supported, only Python 3" + return 1 fi # SaltStack's stable Ubuntu repository: - SALTSTACK_UBUNTU_URL="${HTTP_VAL}://${_REPO_URL}/${__PY_VERSION_REPO}/ubuntu/${UBUNTU_VERSION}/${__REPO_ARCH}/${STABLE_REV}" - echo "$__REPO_ARCH_DEB $SALTSTACK_UBUNTU_URL $UBUNTU_CODENAME main" > /etc/apt/sources.list.d/salt.list - - __apt_key_fetch "$SALTSTACK_UBUNTU_URL/salt-archive-keyring.gpg" || return 1 - + __fetch_url "/etc/apt/sources.list.d/salt.sources" "https://github.com/saltstack/salt-install-guide/releases/latest/download/salt.sources" + __apt_key_fetch "${HTTP_VAL}://${_REPO_URL}/api/security/keypair/SaltProjectKey/public" || return 1 __wait_for_apt apt-get update || return 1 + + if [ "$STABLE_REV" != "latest" ]; then + # latest is default + STABLE_REV_MAJOR=$(echo "$STABLE_REV" | cut -d '.' -f 1) + if [ "$STABLE_REV_MAJOR" -eq "3006" ]; then + echo "Package: salt-*" > /etc/apt/preferences.d/salt-pin-1001 + echo "Pin: version 3006.*" >> /etc/apt/preferences.d/salt-pin-1001 + echo "Pin-Priority: 1001" >> /etc/apt/preferences.d/salt-pin-1001 + elif [ "$STABLE_REV_MAJOR" -eq "3007" ]; then + echo "Package: salt-*" > /etc/apt/preferences.d/salt-pin-1001 + echo "Pin: version 3007.*" >> /etc/apt/preferences.d/salt-pin-1001 + echo "Pin-Priority: 1001" >> /etc/apt/preferences.d/salt-pin-1001 + fi + fi + } __install_saltstack_ubuntu_onedir_repository() { + + echodebug "__install_saltstack_ubuntu_onedir_repository() entry" # Workaround for latest non-LTS Ubuntu if { [ "$DISTRO_MAJOR_VERSION" -eq 20 ] && [ "$DISTRO_MINOR_VERSION" -eq 10 ]; } || \ - [ "$DISTRO_MAJOR_VERSION" -eq 21 ]; then + { [ "$DISTRO_MAJOR_VERSION" -eq 22 ] && [ "$DISTRO_MINOR_VERSION" -eq 10 ]; } || \ + [ "$DISTRO_MAJOR_VERSION" -eq 21 ] || [ "$DISTRO_MAJOR_VERSION" -eq 23 ] || [ "$DISTRO_MAJOR_VERSION" -eq 25 ]; then echowarn "Non-LTS Ubuntu detected, but stable packages requested. Trying packages for previous LTS release. You may experience problems." - UBUNTU_VERSION=20.04 - UBUNTU_CODENAME="focal" - else - UBUNTU_VERSION=${DISTRO_VERSION} - UBUNTU_CODENAME=${DISTRO_CODENAME} fi # Install downloader backend for GPG keys fetching @@ -3144,35 +3030,38 @@ __install_saltstack_ubuntu_onedir_repository() { __PACKAGES="${__PACKAGES} apt-transport-https ca-certificates" fi + ## include hwclock if not part of base OS (23.10 and up) + if [ ! -f /usr/sbin/hwclock ]; then + __PACKAGES="${__PACKAGES} util-linux-extra" + fi + # shellcheck disable=SC2086,SC2090 __apt_get_install_noinput ${__PACKAGES} || return 1 - __PY_VERSION_REPO="apt" - if [ -n "$_PY_EXE" ] && [ "$_PY_MAJOR_VERSION" -eq 3 ]; then - __PY_VERSION_REPO="py3" - fi - # SaltStack's stable Ubuntu repository: - SALTSTACK_UBUNTU_URL="${HTTP_VAL}://${_REPO_URL}/${_ONEDIR_DIR}/${__PY_VERSION_REPO}/ubuntu/${UBUNTU_VERSION}/${__REPO_ARCH}/${ONEDIR_REV}/" - if [ "${ONEDIR_REV}" = "nightly" ] ; then - SALTSTACK_UBUNTU_URL="${HTTP_VAL}://${_REPO_URL}/${_ONEDIR_NIGHTLY_DIR}/${__PY_VERSION_REPO}/ubuntu/${UBUNTU_VERSION}/${__REPO_ARCH}/" - fi - echo "$__REPO_ARCH_DEB $SALTSTACK_UBUNTU_URL $UBUNTU_CODENAME main" > /etc/apt/sources.list.d/salt.list - - if [ "$(echo "${ONEDIR_REV}" | grep -E '(3004|3005)')" != "" ]; then - __apt_key_fetch "${SALTSTACK_UBUNTU_URL}salt-archive-keyring.gpg" || return 1 - elif [ "$(echo "${ONEDIR_REV}" | grep -E '(latest|nightly)')" != "" ]; then - __apt_key_fetch "${SALTSTACK_UBUNTU_URL}salt-archive-keyring.gpg" || \ - __apt_key_fetch "${SALTSTACK_UBUNTU_URL}SALT-PROJECT-GPG-PUBKEY-2023.gpg" || return 1 - else - __apt_key_fetch "${SALTSTACK_UBUNTU_URL}SALT-PROJECT-GPG-PUBKEY-2023.gpg" || return 1 - fi - + __fetch_url "/etc/apt/sources.list.d/salt.sources" "https://github.com/saltstack/salt-install-guide/releases/latest/download/salt.sources" + __apt_key_fetch "${HTTP_VAL}://${_REPO_URL}/api/security/keypair/SaltProjectKey/public" || return 1 __wait_for_apt apt-get update || return 1 + + if [ "$ONEDIR_REV" != "latest" ]; then + # latest is default + ONEDIR_REV_MAJOR=$(echo "$ONEDIR_REV" | cut -d '.' -f 1) + if [ "$ONEDIR_REV_MAJOR" -eq "3006" ]; then + echo "Package: salt-*" > /etc/apt/preferences.d/salt-pin-1001 + echo "Pin: version 3006.*" >> /etc/apt/preferences.d/salt-pin-1001 + echo "Pin-Priority: 1001" >> /etc/apt/preferences.d/salt-pin-1001 + elif [ "$ONEDIR_REV_MAJOR" -eq "3007" ]; then + echo "Package: salt-*" > /etc/apt/preferences.d/salt-pin-1001 + echo "Pin: version 3007.*" >> /etc/apt/preferences.d/salt-pin-1001 + echo "Pin-Priority: 1001" >> /etc/apt/preferences.d/salt-pin-1001 + fi + fi } install_ubuntu_deps() { - if [ $_DISABLE_REPOS -eq $BS_FALSE ]; then + + echodebug "install_ubuntu_deps() entry" + if [ "$_DISABLE_REPOS" -eq $BS_FALSE ]; then # Install add-apt-repository if ! __check_command_exists add-apt-repository; then __apt_get_install_noinput software-properties-common || return 1 @@ -3185,24 +3074,19 @@ install_ubuntu_deps() { __PACKAGES='' - if [ "$DISTRO_MAJOR_VERSION" -lt 16 ]; then - # Minimal systems might not have upstart installed, install it - __PACKAGES="upstart" + if [ -n "$_PY_EXE" ] && [ "$_PY_MAJOR_VERSION" -ne 3 ]; then + echoerror "Python version is no longer supported, only Python 3" + return 1 fi - if [ -n "$_PY_EXE" ] && [ "$_PY_MAJOR_VERSION" -eq 3 ]; then - PY_PKG_VER=3 - else - PY_PKG_VER="" - fi - - if [ "$DISTRO_MAJOR_VERSION" -ge 16 ] && [ -z "$_PY_EXE" ]; then - __PACKAGES="${__PACKAGES} python2.7" + if [ "$DISTRO_MAJOR_VERSION" -ge 20 ] && [ -z "$_PY_EXE" ]; then + __PACKAGES="${__PACKAGES} python${PY_PKG_VER}" fi if [ "$_VIRTUALENV_DIR" != "null" ]; then - __PACKAGES="${__PACKAGES} python-virtualenv" + __PACKAGES="${__PACKAGES} python${PY_PKG_VER}-virtualenv" fi + # Need python-apt for managing packages via Salt __PACKAGES="${__PACKAGES} python${PY_PKG_VER}-apt" @@ -3215,6 +3099,11 @@ install_ubuntu_deps() { # Additionally install procps and pciutils which allows for Docker bootstraps. See 366#issuecomment-39666813 __PACKAGES="${__PACKAGES} procps pciutils" + ## include hwclock if not part of base OS (23.10 and up) + if [ ! -f /usr/sbin/hwclock ]; then + __PACKAGES="${__PACKAGES} util-linux-extra" + fi + # shellcheck disable=SC2086,SC2090 __apt_get_install_noinput ${__PACKAGES} || return 1 @@ -3228,14 +3117,10 @@ install_ubuntu_deps() { } install_ubuntu_stable_deps() { - if [ "${_SLEEP}" -eq "${__DEFAULT_SLEEP}" ] && [ "$DISTRO_MAJOR_VERSION" -lt 16 ]; then - # The user did not pass a custom sleep value as an argument, let's increase the default value - echodebug "On Ubuntu systems we increase the default sleep value to 10." - echodebug "See https://github.com/saltstack/salt/issues/12248 for more info." - _SLEEP=10 - fi - if [ $_START_DAEMONS -eq $BS_FALSE ]; then + echodebug "install_ubuntu_stable_deps() entry" + + if [ "$_START_DAEMONS" -eq $BS_FALSE ]; then echowarn "Not starting daemons on Debian based distributions is not working mostly because starting them is the default behaviour." fi @@ -3246,7 +3131,8 @@ install_ubuntu_stable_deps() { if [ "${_UPGRADE_SYS}" -eq $BS_TRUE ]; then if [ "${_INSECURE_DL}" -eq $BS_TRUE ]; then - if [ "$DISTRO_MAJOR_VERSION" -ge 20 ] || [ "$DISTRO_MAJOR_VERSION" -ge 21 ] || [ "$DISTRO_MAJOR_VERSION" -ge 22 ]; then + ## apt-key is deprecated + if [ "$DISTRO_MAJOR_VERSION" -ge 20 ]; then __apt_get_install_noinput --allow-unauthenticated debian-archive-keyring && apt-get update || return 1 else __apt_get_install_noinput --allow-unauthenticated debian-archive-keyring && @@ -3266,6 +3152,9 @@ install_ubuntu_stable_deps() { } install_ubuntu_git_deps() { + + echodebug "install_ubuntu_git_deps() entry" + __wait_for_apt apt-get update || return 1 if ! __check_command_exists git; then @@ -3278,65 +3167,27 @@ install_ubuntu_git_deps() { __git_clone_and_checkout || return 1 - if [ -n "$_PY_EXE" ] && [ "$_PY_MAJOR_VERSION" -eq 3 ]; then - PY_PKG_VER=3 - else - PY_PKG_VER="" + if [ -n "$_PY_EXE" ] && [ "$_PY_MAJOR_VERSION" -ne 3 ]; then + echoerror "Python version is no longer supported, only Python 3" + return 1 fi - if [ "${_POST_NEON_INSTALL}" -eq $BS_FALSE ]; then - - __PACKAGES="" - - # See how we are installing packages - if [ "${_PIP_ALL}" -eq $BS_TRUE ]; then - __PACKAGES="${__PACKAGES} python-dev swig libssl-dev libzmq3 libzmq3-dev" - - if ! __check_command_exists pip; then - __PACKAGES="${__PACKAGES} python-setuptools python-pip" - fi - - # Get just the apt packages that are required to build all the pythons - # shellcheck disable=SC2086 - __apt_get_install_noinput ${__PACKAGES} || return 1 - # Install the pythons from requirements (only zmq for now) - __install_pip_deps "${_SALT_GIT_CHECKOUT_DIR}/requirements/zeromq.txt" || return 1 - else - install_ubuntu_stable_deps || return 1 - - if [ -n "$_PY_EXE" ] && [ "$_PY_MAJOR_VERSION" -eq 3 ]; then - __PACKAGES="${__PACKAGES} python3-setuptools" - else - # There is no m2crypto package for Py3 at this time - only install for Py2 - __PACKAGES="${__PACKAGES} python-m2crypto" - fi - - __PACKAGES="${__PACKAGES} python${PY_PKG_VER}-crypto python${PY_PKG_VER}-jinja2" - __PACKAGES="${__PACKAGES} python${PY_PKG_VER}-msgpack python${PY_PKG_VER}-requests" - __PACKAGES="${__PACKAGES} python${PY_PKG_VER}-tornado python${PY_PKG_VER}-yaml" - __PACKAGES="${__PACKAGES} python${PY_PKG_VER}-zmq" - __PACKAGES="${__PACKAGES} python-concurrent.futures" - - if [ "$_INSTALL_CLOUD" -eq $BS_TRUE ]; then - # Install python-libcloud if asked to - __PACKAGES="${__PACKAGES} python${PY_PKG_VER}-libcloud" - fi - - # shellcheck disable=SC2086 - __apt_get_install_noinput ${__PACKAGES} || return 1 - fi - else - __PACKAGES="python${PY_PKG_VER}-dev python${PY_PKG_VER}-pip python${PY_PKG_VER}-setuptools gcc" - if [ "$DISTRO_MAJOR_VERSION" -ge 22 ]; then - __PACKAGES="${__PACKAGES} g++" - fi - # shellcheck disable=SC2086 - __apt_get_install_noinput ${__PACKAGES} || return 1 + __PACKAGES="python${PY_PKG_VER}-dev python${PY_PKG_VER}-pip python${PY_PKG_VER}-setuptools gcc" + if [ "$DISTRO_MAJOR_VERSION" -ge 22 ]; then + __PACKAGES="${__PACKAGES} g++" fi + ## include hwclock if not part of base OS (23.10 and up) + if [ ! -f /usr/sbin/hwclock ]; then + __PACKAGES="${__PACKAGES} util-linux-extra" + fi + + # shellcheck disable=SC2086 + __apt_get_install_noinput ${__PACKAGES} || return 1 + # Let's trigger config_salt() if [ "$_TEMP_CONFIG_DIR" = "null" ]; then - _TEMP_CONFIG_DIR="${_SALT_GIT_CHECKOUT_DIR}/conf/" + _TEMP_CONFIG_DIR="${_SALT_GIT_CHECKOUT_DIR}/conf" CONFIG_SALT_FUNC="config_salt" fi @@ -3344,14 +3195,8 @@ install_ubuntu_git_deps() { } install_ubuntu_onedir_deps() { - if [ "${_SLEEP}" -eq "${__DEFAULT_SLEEP}" ] && [ "$DISTRO_MAJOR_VERSION" -lt 16 ]; then - # The user did not pass a custom sleep value as an argument, let's increase the default value - echodebug "On Ubuntu systems we increase the default sleep value to 10." - echodebug "See https://github.com/saltstack/salt/issues/12248 for more info." - _SLEEP=10 - fi - if [ $_START_DAEMONS -eq $BS_FALSE ]; then + if [ "$_START_DAEMONS" -eq $BS_FALSE ]; then echowarn "Not starting daemons on Debian based distributions is not working mostly because starting them is the default behaviour." fi @@ -3362,7 +3207,8 @@ install_ubuntu_onedir_deps() { if [ "${_UPGRADE_SYS}" -eq $BS_TRUE ]; then if [ "${_INSECURE_DL}" -eq $BS_TRUE ]; then - if [ "$DISTRO_MAJOR_VERSION" -ge 20 ] || [ "$DISTRO_MAJOR_VERSION" -ge 21 ]; then + ## apt-key is deprecated + if [ "$DISTRO_MAJOR_VERSION" -ge 20 ]; then __apt_get_install_noinput --allow-unauthenticated debian-archive-keyring && apt-get update || return 1 else __apt_get_install_noinput --allow-unauthenticated debian-archive-keyring && @@ -3382,6 +3228,7 @@ install_ubuntu_onedir_deps() { } install_ubuntu_stable() { + __PACKAGES="" if [ "$_INSTALL_CLOUD" -eq $BS_TRUE ];then @@ -3397,6 +3244,10 @@ install_ubuntu_stable() { __PACKAGES="${__PACKAGES} salt-syndic" fi + if [ "$_INSTALL_SALT_API" -eq $BS_TRUE ]; then + __PACKAGES="${__PACKAGES} salt-api" + fi + # shellcheck disable=SC2086 __apt_get_install_noinput ${__PACKAGES} || return 1 @@ -3404,6 +3255,7 @@ install_ubuntu_stable() { } install_ubuntu_git() { + # Activate virtualenv before install if [ "${_VIRTUALENV_DIR}" != "null" ]; then __activate_virtualenv || return 1 @@ -3412,43 +3264,28 @@ install_ubuntu_git() { if [ -n "$_PY_EXE" ]; then _PYEXE=${_PY_EXE} else - _PYEXE=python2.7 + echoerror "Python 2 is no longer supported, only Python 3" + return 1 fi - if [ "${_POST_NEON_INSTALL}" -eq $BS_TRUE ]; then - # We can use --prefix on debian based ditributions - if [ -n "$_PY_EXE" ] && [ "$_PY_MAJOR_VERSION" -eq 3 ]; then - _POST_NEON_PIP_INSTALL_ARGS="--target=/usr/lib/python3/dist-packages --install-option=--install-scripts=/usr/bin" - else - _POST_NEON_PIP_INSTALL_ARGS="--target=/usr/lib/python2.7/dist-packages --install-option=--install-scripts=/usr/bin" - fi - _POST_NEON_PIP_INSTALL_ARGS="" - __install_salt_from_repo_post_neon "${_PY_EXE}" || return 1 - cd "${_SALT_GIT_CHECKOUT_DIR}" || return 1 + _PIP_INSTALL_ARGS="" + __install_salt_from_repo "${_PY_EXE}" || return 1 + cd "${_SALT_GIT_CHECKOUT_DIR}" || return 1 - # Account for new path for services files in later releases - if [ -d "pkg/common" ]; then - _SERVICE_DIR="pkg/common" - else - _SERVICE_DIR="pkg" - fi - - sed -i 's:/usr/bin:/usr/local/bin:g' ${_SERVICE_DIR}/*.service - return 0 - fi - - if [ -f "${_SALT_GIT_CHECKOUT_DIR}/salt/syspaths.py" ]; then - # shellcheck disable=SC2086 - "${_PYEXE}" setup.py --salt-config-dir="$_SALT_ETC_DIR" --salt-cache-dir="${_SALT_CACHE_DIR}" ${SETUP_PY_INSTALL_ARGS} install --install-layout=deb || return 1 + # Account for new path for services files in later releases + if [ -d "pkg/common" ]; then + _SERVICE_DIR="pkg/common" else - # shellcheck disable=SC2086 - "${_PYEXE}" setup.py ${SETUP_PY_INSTALL_ARGS} install --install-layout=deb || return 1 + _SERVICE_DIR="pkg" fi + sed -i 's:/usr/bin:/usr/local/bin:g' "${_SERVICE_DIR}"/*.service return 0 + } install_ubuntu_onedir() { + __PACKAGES="" if [ "$_INSTALL_CLOUD" -eq $BS_TRUE ];then @@ -3464,6 +3301,10 @@ install_ubuntu_onedir() { __PACKAGES="${__PACKAGES} salt-syndic" fi + if [ "$_INSTALL_SALT_API" -eq $BS_TRUE ]; then + __PACKAGES="${__PACKAGES} salt-api" + fi + # shellcheck disable=SC2086 __apt_get_install_noinput ${__PACKAGES} || return 1 @@ -3471,6 +3312,7 @@ install_ubuntu_onedir() { } install_ubuntu_stable_post() { + for fname in api master minion syndic; do # Skip salt-api since the service should be opt-in and not necessarily started on boot [ $fname = "api" ] && continue @@ -3480,7 +3322,8 @@ install_ubuntu_stable_post() { [ $fname = "master" ] && [ "$_INSTALL_MASTER" -eq $BS_FALSE ] && continue [ $fname = "syndic" ] && [ "$_INSTALL_SYNDIC" -eq $BS_FALSE ] && continue - if [ -f /bin/systemctl ]; then + ## if [ -f /bin/systemctl ]; then + if [ "$_SYSTEMD_FUNCTIONAL" -eq $BS_TRUE ]; then # Using systemd /bin/systemctl is-enabled salt-$fname.service > /dev/null 2>&1 || ( /bin/systemctl preset salt-$fname.service > /dev/null 2>&1 && @@ -3497,6 +3340,7 @@ install_ubuntu_stable_post() { } install_ubuntu_git_post() { + for fname in api master minion syndic; do # Skip if not meant to be installed [ $fname = "api" ] && \ @@ -3512,7 +3356,7 @@ install_ubuntu_git_post() { _SERVICE_DIR="${_SALT_GIT_CHECKOUT_DIR}/pkg" fi - if [ -f /bin/systemctl ] && [ "$DISTRO_MAJOR_VERSION" -ge 16 ]; then + if [ "$_SYSTEMD_FUNCTIONAL" -eq $BS_TRUE ] && [ "$DISTRO_MAJOR_VERSION" -ge 16 ]; then __copyfile "${_SERVICE_DIR}/salt-${fname}.service" "/lib/systemd/system/salt-${fname}.service" # Skip salt-api since the service should be opt-in and not necessarily started on boot @@ -3521,21 +3365,6 @@ install_ubuntu_git_post() { systemctl is-enabled salt-$fname.service || (systemctl preset salt-$fname.service && systemctl enable salt-$fname.service) sleep 1 systemctl daemon-reload - elif [ -f /sbin/initctl ]; then - _upstart_conf="/etc/init/salt-$fname.conf" - # We have upstart support - echodebug "There's upstart support" - if [ ! -f $_upstart_conf ]; then - # upstart does not know about our service, let's copy the proper file - echowarn "Upstart does not appear to know about salt-$fname" - echodebug "Copying ${_SERVICE_DIR}/salt-$fname.upstart to $_upstart_conf" - __copyfile "${_SERVICE_DIR}/salt-${fname}.upstart" "$_upstart_conf" - # Set service to know about virtualenv - if [ "${_VIRTUALENV_DIR}" != "null" ]; then - echo "SALT_USE_VIRTUALENV=${_VIRTUALENV_DIR}" > /etc/default/salt-${fname} - fi - /sbin/initctl reload-configuration || return 1 - fi # No upstart support in Ubuntu!? elif [ -f "${_SALT_GIT_CHECKOUT_DIR}/pkg/salt-${fname}.init" ]; then echodebug "There's NO upstart support!?" @@ -3548,7 +3377,7 @@ install_ubuntu_git_post() { update-rc.d salt-$fname defaults else - echoerror "Neither upstart nor init.d was setup for salt-$fname" + echoerror "No init.d was setup for salt-$fname" fi done @@ -3556,13 +3385,12 @@ install_ubuntu_git_post() { } install_ubuntu_restart_daemons() { - [ $_START_DAEMONS -eq $BS_FALSE ] && return - # Ensure upstart configs / systemd units are loaded - if [ -f /bin/systemctl ] && [ "$DISTRO_MAJOR_VERSION" -ge 16 ]; then + [ "$_START_DAEMONS" -eq $BS_FALSE ] && return + + # Ensure systemd units are loaded + if [ "$_SYSTEMD_FUNCTIONAL" -eq $BS_TRUE ] && [ "$DISTRO_MAJOR_VERSION" -ge 16 ]; then systemctl daemon-reload - elif [ -f /sbin/initctl ]; then - /sbin/initctl reload-configuration fi for fname in api master minion syndic; do @@ -3574,7 +3402,7 @@ install_ubuntu_restart_daemons() { [ $fname = "minion" ] && [ "$_INSTALL_MINION" -eq $BS_FALSE ] && continue [ $fname = "syndic" ] && [ "$_INSTALL_SYNDIC" -eq $BS_FALSE ] && continue - if [ -f /bin/systemctl ] && [ "$DISTRO_MAJOR_VERSION" -ge 16 ]; then + if [ "$_SYSTEMD_FUNCTIONAL" -eq $BS_TRUE ] && [ "$DISTRO_MAJOR_VERSION" -ge 16 ]; then echodebug "There's systemd support while checking salt-$fname" systemctl stop salt-$fname > /dev/null 2>&1 systemctl start salt-$fname.service && continue @@ -3586,18 +3414,6 @@ install_ubuntu_restart_daemons() { fi fi - if [ -f /sbin/initctl ]; then - echodebug "There's upstart support while checking salt-$fname" - - if status salt-$fname 2>/dev/null | grep -q running; then - stop salt-$fname || (echodebug "Failed to stop salt-$fname" && return 1) - fi - - start salt-$fname && continue - # We failed to start the service, let's test the SysV code below - echodebug "Failed to start salt-$fname using Upstart" - fi - if [ ! -f /etc/init.d/salt-$fname ]; then echoerror "No init.d support for salt-$fname was found" return 1 @@ -3611,6 +3427,7 @@ install_ubuntu_restart_daemons() { } install_ubuntu_check_services() { + for fname in api master minion syndic; do # Skip salt-api since the service should be opt-in and not necessarily started on boot [ $fname = "api" ] && continue @@ -3620,10 +3437,8 @@ install_ubuntu_check_services() { [ $fname = "master" ] && [ "$_INSTALL_MASTER" -eq $BS_FALSE ] && continue [ $fname = "syndic" ] && [ "$_INSTALL_SYNDIC" -eq $BS_FALSE ] && continue - if [ -f /bin/systemctl ] && [ "$DISTRO_MAJOR_VERSION" -ge 16 ]; then + if [ "$_SYSTEMD_FUNCTIONAL" -eq $BS_TRUE ] && [ "$DISTRO_MAJOR_VERSION" -ge 16 ]; then __check_services_systemd salt-$fname || return 1 - elif [ -f /sbin/initctl ] && [ -f /etc/init/salt-${fname}.conf ]; then - __check_services_upstart salt-$fname || return 1 elif [ -f /etc/init.d/salt-$fname ]; then __check_services_debian salt-$fname || return 1 fi @@ -3641,12 +3456,12 @@ install_ubuntu_check_services() { # Debian Install Functions # __install_saltstack_debian_repository() { - DEBIAN_RELEASE="$DISTRO_MAJOR_VERSION" - DEBIAN_CODENAME="$DISTRO_CODENAME" - __PY_VERSION_REPO="apt" - if [ -n "$_PY_EXE" ] && [ "$_PY_MAJOR_VERSION" -eq 3 ]; then - __PY_VERSION_REPO="py3" + echodebug "__install_saltstack_debian_repository() entry" + + if [ -n "$_PY_EXE" ] && [ "$_PY_MAJOR_VERSION" -ne 3 ]; then + echoerror "Python version is no longer supported, only Python 3" + return 1 fi # Install downloader backend for GPG keys fetching @@ -3665,22 +3480,37 @@ __install_saltstack_debian_repository() { # shellcheck disable=SC2086,SC2090 __apt_get_install_noinput ${__PACKAGES} || return 1 - # amd64 is just a part of repository URI, 32-bit pkgs are hosted under the same location - SALTSTACK_DEBIAN_URL="${HTTP_VAL}://${_REPO_URL}/${__PY_VERSION_REPO}/debian/${DEBIAN_RELEASE}/${__REPO_ARCH}/${STABLE_REV}" - echo "$__REPO_ARCH_DEB $SALTSTACK_DEBIAN_URL $DEBIAN_CODENAME main" > "/etc/apt/sources.list.d/salt.list" - - __apt_key_fetch "$SALTSTACK_DEBIAN_URL/salt-archive-keyring.gpg" || return 1 + ## SALTSTACK_DEBIAN_URL="${HTTP_VAL}://${_REPO_URL}/${_ONEDIR_DIR}/${__PY_VERSION_REPO}/debian/${DEBIAN_RELEASE}/${__REPO_ARCH}/${STABLE_REV}" + ## echo "$__REPO_ARCH_DEB $SALTSTACK_DEBIAN_URL $DEBIAN_CODENAME main" > "/etc/apt/sources.list.d/salt.list" + ## __apt_key_fetch "$SALTSTACK_DEBIAN_URL/SALT-PROJECT-GPG-PUBKEY-2023.gpg" || return 1 + ## __wait_for_apt apt-get update || return 1 + __fetch_url "/etc/apt/sources.list.d/salt.sources" "https://github.com/saltstack/salt-install-guide/releases/latest/download/salt.sources" + __apt_key_fetch "${HTTP_VAL}://${_REPO_URL}/api/security/keypair/SaltProjectKey/public" || return 1 __wait_for_apt apt-get update || return 1 + + if [ "$STABLE_REV" != "latest" ]; then + # latest is default + STABLE_REV_MAJOR=$(echo "$STABLE_REV" | cut -d '.' -f 1) + if [ "$STABLE_REV_MAJOR" -eq "3006" ]; then + echo "Package: salt-*" > /etc/apt/preferences.d/salt-pin-1001 + echo "Pin: version 3006.*" >> /etc/apt/preferences.d/salt-pin-1001 + echo "Pin-Priority: 1001" >> /etc/apt/preferences.d/salt-pin-1001 + elif [ "$STABLE_REV_MAJOR" -eq "3007" ]; then + echo "Package: salt-*" > /etc/apt/preferences.d/salt-pin-1001 + echo "Pin: version 3007.*" >> /etc/apt/preferences.d/salt-pin-1001 + echo "Pin-Priority: 1001" >> /etc/apt/preferences.d/salt-pin-1001 + fi + fi } __install_saltstack_debian_onedir_repository() { - DEBIAN_RELEASE="$DISTRO_MAJOR_VERSION" - DEBIAN_CODENAME="$DISTRO_CODENAME" - __PY_VERSION_REPO="apt" - if [ -n "$_PY_EXE" ] && [ "$_PY_MAJOR_VERSION" -eq 3 ]; then - __PY_VERSION_REPO="py3" + echodebug "__install_saltstack_debian_onedir_repository() entry" + + if [ -n "$_PY_EXE" ] && [ "$_PY_MAJOR_VERSION" -ne 3 ]; then + echoerror "Python version is no longer supported, only Python 3" + return 1 fi # Install downloader backend for GPG keys fetching @@ -3699,80 +3529,30 @@ __install_saltstack_debian_onedir_repository() { # shellcheck disable=SC2086,SC2090 __apt_get_install_noinput ${__PACKAGES} || return 1 - # amd64 is just a part of repository URI, 32-bit pkgs are hosted under the same location - SALTSTACK_DEBIAN_URL="${HTTP_VAL}://${_REPO_URL}/${_ONEDIR_DIR}/${__PY_VERSION_REPO}/debian/${DEBIAN_RELEASE}/${__REPO_ARCH}/${ONEDIR_REV}/" - if [ "${ONEDIR_REV}" = "nightly" ] ; then - SALTSTACK_DEBIAN_URL="${HTTP_VAL}://${_REPO_URL}/${_ONEDIR_NIGHTLY_DIR}/${__PY_VERSION_REPO}/debian/${DEBIAN_RELEASE}/${__REPO_ARCH}/" - fi - echo "$__REPO_ARCH_DEB $SALTSTACK_DEBIAN_URL $DEBIAN_CODENAME main" > "/etc/apt/sources.list.d/salt.list" - - if [ "$(echo "${ONEDIR_REV}" | grep -E '(3004|3005)')" != "" ]; then - __apt_key_fetch "${SALTSTACK_DEBIAN_URL}salt-archive-keyring.gpg" || return 1 - elif [ "$(echo "${ONEDIR_REV}" | grep -E '(latest|nightly)')" != "" ]; then - __apt_key_fetch "${SALTSTACK_DEBIAN_URL}salt-archive-keyring.gpg" || \ - __apt_key_fetch "${SALTSTACK_DEBIAN_URL}SALT-PROJECT-GPG-PUBKEY-2023.gpg" || return 1 - else - __apt_key_fetch "${SALTSTACK_DEBIAN_URL}SALT-PROJECT-GPG-PUBKEY-2023.gpg" || return 1 - fi - - __wait_for_apt apt-get update || return 1 -} - -install_debian_deps() { - if [ $_START_DAEMONS -eq $BS_FALSE ]; then - echowarn "Not starting daemons on Debian based distributions is not working mostly because starting them is the default behaviour." - fi - - # No user interaction, libc6 restart services for example - export DEBIAN_FRONTEND=noninteractive - + __fetch_url "/etc/apt/sources.list.d/salt.sources" "https://github.com/saltstack/salt-install-guide/releases/latest/download/salt.sources" + __apt_key_fetch "${HTTP_VAL}://${_REPO_URL}/api/security/keypair/SaltProjectKey/public" || return 1 __wait_for_apt apt-get update || return 1 - if [ "${_UPGRADE_SYS}" -eq $BS_TRUE ]; then - # Try to update GPG keys first if allowed - if [ "${_INSECURE_DL}" -eq $BS_TRUE ]; then - if [ "$DISTRO_MAJOR_VERSION" -ge 10 ]; then - __apt_get_install_noinput --allow-unauthenticated debian-archive-keyring && apt-get update || return 1 - else - __apt_get_install_noinput --allow-unauthenticated debian-archive-keyring && - apt-key update && apt-get update || return 1 - fi + if [ "$ONEDIR_REV" != "latest" ]; then + # latest is default + ONEDIR_REV_MAJOR=$(echo "$ONEDIR_REV" | cut -d '.' -f 1) + if [ "$ONEDIR_REV_MAJOR" -eq "3006" ]; then + echo "Package: salt-*" > /etc/apt/preferences.d/salt-pin-1001 + echo "Pin: version 3006.*" >> /etc/apt/preferences.d/salt-pin-1001 + echo "Pin-Priority: 1001" >> /etc/apt/preferences.d/salt-pin-1001 + elif [ "$ONEDIR_REV_MAJOR" -eq "3007" ]; then + echo "Package: salt-*" > /etc/apt/preferences.d/salt-pin-1001 + echo "Pin: version 3007.*" >> /etc/apt/preferences.d/salt-pin-1001 + echo "Pin-Priority: 1001" >> /etc/apt/preferences.d/salt-pin-1001 fi - - __apt_get_upgrade_noinput || return 1 fi - - if [ -n "$_PY_EXE" ] && [ "$_PY_MAJOR_VERSION" -eq 3 ]; then - PY_PKG_VER=3 - else - PY_PKG_VER="" - fi - - # Additionally install procps and pciutils which allows for Docker bootstraps. See 366#issuecomment-39666813 - __PACKAGES='procps pciutils' - - # YAML module is used for generating custom master/minion configs - __PACKAGES="${__PACKAGES} python${PY_PKG_VER}-yaml" - - # shellcheck disable=SC2086 - __apt_get_install_noinput ${__PACKAGES} || return 1 - - if [ "$_DISABLE_REPOS" -eq "$BS_FALSE" ] || [ "$_CUSTOM_REPO_URL" != "null" ]; then - __check_dpkg_architecture || return 1 - __install_saltstack_debian_repository || return 1 - fi - - if [ "${_EXTRA_PACKAGES}" != "" ]; then - echoinfo "Installing the following extra packages as requested: ${_EXTRA_PACKAGES}" - # shellcheck disable=SC2086 - __apt_get_install_noinput ${_EXTRA_PACKAGES} || return 1 - fi - - return 0 } install_debian_onedir_deps() { - if [ $_START_DAEMONS -eq $BS_FALSE ]; then + + echodebug "install_debian_onedir_git_deps() entry" + + if [ "$_START_DAEMONS" -eq $BS_FALSE ]; then echowarn "Not starting daemons on Debian based distributions is not working mostly because starting them is the default behaviour." fi @@ -3795,10 +3575,9 @@ install_debian_onedir_deps() { __apt_get_upgrade_noinput || return 1 fi - if [ -n "$_PY_EXE" ] && [ "$_PY_MAJOR_VERSION" -eq 3 ]; then - PY_PKG_VER=3 - else - PY_PKG_VER="" + if [ -n "$_PY_EXE" ] && [ "$_PY_MAJOR_VERSION" -ne 3 ]; then + echoerror "Python version is no longer supported, only Python 3" + return 1 fi # Additionally install procps and pciutils which allows for Docker bootstraps. See 366#issuecomment-39666813 @@ -3824,75 +3603,14 @@ install_debian_onedir_deps() { return 0 } -install_debian_git_pre() { - if ! __check_command_exists git; then - __apt_get_install_noinput git || return 1 - fi - - if [ "$_INSECURE_DL" -eq $BS_FALSE ] && [ "${_SALT_REPO_URL%%://*}" = "https" ]; then - __apt_get_install_noinput ca-certificates - fi - - __git_clone_and_checkout || return 1 - - # Let's trigger config_salt() - if [ "$_TEMP_CONFIG_DIR" = "null" ]; then - _TEMP_CONFIG_DIR="${_SALT_GIT_CHECKOUT_DIR}/conf/" - CONFIG_SALT_FUNC="config_salt" - fi -} - install_debian_git_deps() { - install_debian_deps || return 1 - install_debian_git_pre || return 1 - if [ -n "$_PY_EXE" ] && [ "$_PY_MAJOR_VERSION" -eq 3 ]; then - PY_PKG_VER=3 - else - PY_PKG_VER="" - fi + echodebug "install_debian_git_deps() entry" - if [ "${_POST_NEON_INSTALL}" -eq $BS_FALSE ]; then - __PACKAGES="libzmq3 libzmq3-dev lsb-release python-apt python-backports.ssl-match-hostname" - __PACKAGES="${__PACKAGES} python-crypto python-jinja2 python-msgpack python-m2crypto" - __PACKAGES="${__PACKAGES} python-requests python-tornado python-yaml python-zmq" - - if [ "$_INSTALL_CLOUD" -eq $BS_TRUE ]; then - # Install python-libcloud if asked to - __PACKAGES="${__PACKAGES} python-libcloud" - fi - - # shellcheck disable=SC2086 - __apt_get_install_noinput ${__PACKAGES} || return 1 - else - __PACKAGES="python${PY_PKG_VER}-dev python${PY_PKG_VER}-pip python${PY_PKG_VER}-setuptools gcc" - echodebug "install_debian_git_deps() Installing ${__PACKAGES}" - # shellcheck disable=SC2086 - __apt_get_install_noinput ${__PACKAGES} || return 1 - fi - - return 0 -} - -install_debian_7_git_deps() { - install_debian_deps || return 1 - install_debian_git_deps || return 1 - - return 0 -} - -install_debian_8_git_deps() { - - if [ "${_POST_NEON_INSTALL}" -eq $BS_TRUE ]; then - echodebug "CALLING install_debian_git_deps" - install_debian_git_deps || return 1 - return 0 - fi - - install_debian_deps || return 1 + __wait_for_apt apt-get update || return 1 if ! __check_command_exists git; then - __apt_get_install_noinput git || return 1 + __apt_get_install_noinput git-core || return 1 fi if [ "$_INSECURE_DL" -eq $BS_FALSE ] && [ "${_SALT_REPO_URL%%://*}" = "https" ]; then @@ -3901,124 +3619,28 @@ install_debian_8_git_deps() { __git_clone_and_checkout || return 1 - __PACKAGES="libzmq3 libzmq3-dev lsb-release python-apt python-crypto python-jinja2" - __PACKAGES="${__PACKAGES} python-m2crypto python-msgpack python-requests python-systemd" - __PACKAGES="${__PACKAGES} python-yaml python-zmq python-concurrent.futures" - - if [ "$_INSTALL_CLOUD" -eq $BS_TRUE ]; then - # Install python-libcloud if asked to - __PACKAGES="${__PACKAGES} python-libcloud" + if [ -n "$_PY_EXE" ] && [ "$_PY_MAJOR_VERSION" -ne 3 ]; then + echoerror "Python version is no longer supported, only Python 3" + return 1 fi - __PIP_PACKAGES='' - if (__check_pip_allowed >/dev/null 2>&1); then - __PIP_PACKAGES='tornado<5.0' - # Install development environment for building tornado Python module - __PACKAGES="${__PACKAGES} build-essential python-dev" - - if ! __check_command_exists pip; then - __PACKAGES="${__PACKAGES} python-pip" - fi - # Attempt to configure backports repo on non-x86_64 system - elif [ $_DISABLE_REPOS -eq $BS_FALSE ] && [ "$DPKG_ARCHITECTURE" != "amd64" ]; then - # Check if Debian Backports repo already configured - if ! apt-cache policy | grep -q 'Debian Backports'; then - echo 'deb http://httpredir.debian.org/debian jessie-backports main' > \ - /etc/apt/sources.list.d/backports.list - fi - - __wait_for_apt apt-get update || return 1 - - # python-tornado package should be installed from backports repo - __PACKAGES="${__PACKAGES} python-backports.ssl-match-hostname python-tornado/jessie-backports" - else - __PACKAGES="${__PACKAGES} python-backports.ssl-match-hostname python-tornado" - fi + __PACKAGES="python${PY_PKG_VER}-dev python${PY_PKG_VER}-pip python${PY_PKG_VER}-setuptools gcc" + echodebug "install_debian_git_deps() Installing ${__PACKAGES}" # shellcheck disable=SC2086 __apt_get_install_noinput ${__PACKAGES} || return 1 - if [ "${__PIP_PACKAGES}" != "" ]; then - # shellcheck disable=SC2086,SC2090 - pip install -U ${__PIP_PACKAGES} || return 1 - fi - # Let's trigger config_salt() if [ "$_TEMP_CONFIG_DIR" = "null" ]; then - _TEMP_CONFIG_DIR="${_SALT_GIT_CHECKOUT_DIR}/conf/" + _TEMP_CONFIG_DIR="${_SALT_GIT_CHECKOUT_DIR}/conf" CONFIG_SALT_FUNC="config_salt" fi return 0 } -install_debian_9_git_deps() { - - if [ "${_POST_NEON_INSTALL}" -eq $BS_TRUE ]; then - install_debian_git_deps || return 1 - return 0 - fi - - install_debian_deps || return 1 - install_debian_git_pre || return 1 - - __PACKAGES="libzmq5 lsb-release" - - if [ -n "$_PY_EXE" ] && [ "$_PY_MAJOR_VERSION" -eq 3 ]; then - PY_PKG_VER=3 - else - PY_PKG_VER="" - - # These packages are PY2-ONLY - __PACKAGES="${__PACKAGES} python-backports-abc python-m2crypto python-concurrent.futures" - fi - - __PACKAGES="${__PACKAGES} python${PY_PKG_VER}-apt python${PY_PKG_VER}-crypto python${PY_PKG_VER}-jinja2" - __PACKAGES="${__PACKAGES} python${PY_PKG_VER}-msgpack python${PY_PKG_VER}-requests python${PY_PKG_VER}-systemd" - __PACKAGES="${__PACKAGES} python${PY_PKG_VER}-tornado python${PY_PKG_VER}-yaml python${PY_PKG_VER}-zmq" - - if [ "$_INSTALL_CLOUD" -eq $BS_TRUE ]; then - # Install python-libcloud if asked to - __PACKAGES="${__PACKAGES} python${PY_PKG_VER}-libcloud" - fi - - # shellcheck disable=SC2086 - __apt_get_install_noinput ${__PACKAGES} || return 1 - - return 0 -} - -install_debian_10_git_deps() { - - if [ "${_POST_NEON_INSTALL}" -eq $BS_TRUE ]; then - install_debian_git_deps || return 1 - return 0 - fi - - install_debian_deps || return 1 - install_debian_git_pre || return 1 - - if [ -n "$_PY_EXE" ] && [ "$_PY_MAJOR_VERSION" -eq 3 ]; then - _py=${_PY_EXE} - PY_PKG_VER=3 - __PACKAGES="python${PY_PKG_VER}-distutils" - else - _py="python" - PY_PKG_VER="" - __PACKAGES="" - fi - - __install_tornado_pip ${_py}|| return 1 - __PACKAGES="${__PACKAGES} python${PY_PKG_VER}-msgpack python${PY_PKG_VER}-jinja2" - __PACKAGES="${__PACKAGES} python${PY_PKG_VER}-tornado python${PY_PKG_VER}-yaml python${PY_PKG_VER}-zmq" - - # shellcheck disable=SC2086 - __apt_get_install_noinput ${__PACKAGES} || return 1 - - return 0 -} - install_debian_stable() { + __PACKAGES="" if [ "$_INSTALL_CLOUD" -eq $BS_TRUE ];then @@ -4034,81 +3656,70 @@ install_debian_stable() { __PACKAGES="${__PACKAGES} salt-syndic" fi + if [ "$_INSTALL_SALT_API" -eq $BS_TRUE ]; then + __PACKAGES="${__PACKAGES} salt-api" + fi + # shellcheck disable=SC2086 __apt_get_install_noinput ${__PACKAGES} || return 1 return 0 } -install_debian_7_stable() { - install_debian_stable || return 1 +install_debian_11_git_deps() { + + install_debian_git_deps || return 1 return 0 } -install_debian_8_stable() { - install_debian_stable || return 1 - return 0 -} +install_debian_12_git_deps() { -install_debian_9_stable() { - install_debian_stable || return 1 + install_debian_git_deps || return 1 return 0 } install_debian_git() { + if [ -n "$_PY_EXE" ]; then _PYEXE=${_PY_EXE} else - _PYEXE=python + ## _PYEXE=python + echoerror "Python 2 is no longer supported, only Py3 packages" + return 1 fi - if [ "${_POST_NEON_INSTALL}" -eq $BS_TRUE ]; then - # We can use --prefix on debian based ditributions - if [ -n "$_PY_EXE" ] && [ "$_PY_MAJOR_VERSION" -eq 3 ]; then - _POST_NEON_PIP_INSTALL_ARGS="--target=/usr/lib/python3/dist-packages --install-option=--install-scripts=/usr/bin" - else - _POST_NEON_PIP_INSTALL_ARGS="--target=/usr/lib/python2.7/dist-packages --install-option=--install-scripts=/usr/bin" - fi - _POST_NEON_PIP_INSTALL_ARGS="" - __install_salt_from_repo_post_neon "${_PY_EXE}" || return 1 - cd "${_SALT_GIT_CHECKOUT_DIR}" || return 1 + # We can use --prefix on debian based ditributions - # Account for new path for services files in later releases - if [ -d "pkg/common" ]; then - _SERVICE_DIR="pkg/common" - else - _SERVICE_DIR="pkg" - fi + _PIP_INSTALL_ARGS="" - sed -i 's:/usr/bin:/usr/local/bin:g' ${_SERVICE_DIR}/*.service - return 0 - fi + __install_salt_from_repo "${_PY_EXE}" || return 1 + cd "${_SALT_GIT_CHECKOUT_DIR}" || return 1 - if [ -f "${_SALT_GIT_CHECKOUT_DIR}/salt/syspaths.py" ]; then - # shellcheck disable=SC2086 - "${_PYEXE}" setup.py --salt-config-dir="$_SALT_ETC_DIR" --salt-cache-dir="${_SALT_CACHE_DIR}" ${SETUP_PY_INSTALL_ARGS} install --install-layout=deb || return 1 + # Account for new path for services files in later releases + if [ -d "pkg/common" ]; then + _SERVICE_DIR="pkg/common" else - # shellcheck disable=SC2086 - "${_PYEXE}" setup.py ${SETUP_PY_INSTALL_ARGS} install --install-layout=deb || return 1 + _SERVICE_DIR="pkg" fi + + sed -i 's:/usr/bin:/usr/local/bin:g' "${_SERVICE_DIR}"/*.service + return 0 } -install_debian_7_git() { +install_debian_11_git() { + install_debian_git || return 1 return 0 } -install_debian_8_git() { - install_debian_git || return 1 - return 0 -} +install_debian_12_git() { -install_debian_9_git() { install_debian_git || return 1 return 0 } install_debian_onedir() { + __PACKAGES="" if [ "$_INSTALL_CLOUD" -eq $BS_TRUE ];then @@ -4124,6 +3735,10 @@ install_debian_onedir() { __PACKAGES="${__PACKAGES} salt-syndic" fi + if [ "$_INSTALL_SALT_API" -eq $BS_TRUE ]; then + __PACKAGES="${__PACKAGES} salt-api" + fi + # shellcheck disable=SC2086 __apt_get_install_noinput ${__PACKAGES} || return 1 @@ -4131,6 +3746,7 @@ install_debian_onedir() { } install_debian_git_post() { + for fname in api master minion syndic; do # Skip if not meant to be installed [ "$fname" = "api" ] && \ @@ -4147,7 +3763,7 @@ install_debian_git_post() { fi # Configure SystemD for Debian 8 "Jessie" and later - if [ -f /bin/systemctl ]; then + if [ "$_SYSTEMD_FUNCTIONAL" -eq $BS_TRUE ]; then if [ ! -f /lib/systemd/system/salt-${fname}.service ] || \ { [ -f /lib/systemd/system/salt-${fname}.service ] && [ $_FORCE_OVERWRITE -eq $BS_TRUE ]; }; then if [ -f "${_SERVICE_DIR}/salt-${fname}.service" ]; then @@ -4165,29 +3781,12 @@ install_debian_git_post() { /bin/systemctl enable "salt-${fname}.service" SYSTEMD_RELOAD=$BS_TRUE - - # Install initscripts for Debian 7 "Wheezy" - elif [ ! -f "/etc/init.d/salt-$fname" ] || \ - { [ -f "/etc/init.d/salt-$fname" ] && [ "$_FORCE_OVERWRITE" -eq $BS_TRUE ]; }; then - __copyfile "${_SALT_GIT_CHECKOUT_DIR}/pkg/deb/salt-${fname}.init" "/etc/init.d/salt-${fname}" - __copyfile "${_SALT_GIT_CHECKOUT_DIR}/pkg/deb/salt-${fname}.environment" "/etc/default/salt-${fname}" - - if [ ! -f "/etc/init.d/salt-${fname}" ]; then - echowarn "The init script for salt-${fname} was not found, skipping it..." - continue - fi - - chmod +x "/etc/init.d/salt-${fname}" - - # Skip salt-api since the service should be opt-in and not necessarily started on boot - [ "$fname" = "api" ] && continue - - update-rc.d "salt-${fname}" defaults fi done } install_debian_2021_post() { + # Kali 2021 (debian derivative) disables all network services by default # Using archlinux post function to enable salt systemd services install_arch_linux_post || return 1 @@ -4195,6 +3794,7 @@ install_debian_2021_post() { } install_debian_restart_daemons() { + [ "$_START_DAEMONS" -eq $BS_FALSE ] && return 0 for fname in api master minion syndic; do @@ -4206,8 +3806,8 @@ install_debian_restart_daemons() { [ $fname = "minion" ] && [ "$_INSTALL_MINION" -eq $BS_FALSE ] && continue [ $fname = "syndic" ] && [ "$_INSTALL_SYNDIC" -eq $BS_FALSE ] && continue - if [ -f /bin/systemctl ]; then - # Debian 8 uses systemd + if [ "$_SYSTEMD_FUNCTIONAL" -eq $BS_TRUE ]; then + # Debian 8 and above uses systemd /bin/systemctl stop salt-$fname > /dev/null 2>&1 /bin/systemctl start salt-$fname.service && continue if [ "$_ECHO_DEBUG" -eq $BS_TRUE ]; then @@ -4223,6 +3823,7 @@ install_debian_restart_daemons() { } install_debian_check_services() { + for fname in api master minion syndic; do # Skip salt-api since the service should be opt-in and not necessarily started on boot [ $fname = "api" ] && continue @@ -4232,7 +3833,7 @@ install_debian_check_services() { [ $fname = "minion" ] && [ "$_INSTALL_MINION" -eq $BS_FALSE ] && continue [ $fname = "syndic" ] && [ "$_INSTALL_SYNDIC" -eq $BS_FALSE ] && continue - if [ -f /bin/systemctl ]; then + if [ "$_SYSTEMD_FUNCTIONAL" -eq $BS_TRUE ]; then __check_services_systemd salt-$fname || return 1 elif [ -f /etc/init.d/salt-$fname ]; then __check_services_debian salt-$fname || return 1 @@ -4251,54 +3852,55 @@ install_debian_check_services() { # __install_saltstack_fedora_onedir_repository() { - if [ "$ITYPE" = "stable" ]; then - REPO_REV="$ONEDIR_REV" - else - REPO_REV="latest" + + if [ -n "$_PY_EXE" ] && [ "$_PY_MAJOR_VERSION" -ne 3 ]; then + echoerror "Python version is no longer supported, only Python 3" + return 1 fi - __PY_VERSION_REPO="yum" - if [ -n "$_PY_EXE" ] && [ "$_PY_MAJOR_VERSION" -eq 3 ]; then - __PY_VERSION_REPO="py3" - fi - - GPG_KEY="SALT-PROJECT-GPG-PUBKEY-2023.pub" - - REPO_FILE="/etc/yum.repos.d/salt.repo" - - if [ ! -s "$REPO_FILE" ] || [ "$_FORCE_OVERWRITE" -eq $BS_TRUE ]; then - FETCH_URL="${HTTP_VAL}://${_REPO_URL}/${_ONEDIR_DIR}/${__PY_VERSION_REPO}/fedora/${DISTRO_MAJOR_VERSION}/${CPU_ARCH_L}/${ONEDIR_REV}" - if [ "${ONEDIR_REV}" = "nightly" ] ; then - FETCH_URL="${HTTP_VAL}://${_REPO_URL}/${_ONEDIR_NIGHTLY_DIR}/${__PY_VERSION_REPO}/fedora/${DISTRO_MAJOR_VERSION}/${CPU_ARCH_L}/" + if [ ! -s "$YUM_REPO_FILE" ] || [ "$_FORCE_OVERWRITE" -eq $BS_TRUE ]; then + FETCH_URL="https://github.com/saltstack/salt-install-guide/releases/latest/download/salt.repo" + __fetch_url "${YUM_REPO_FILE}" "${FETCH_URL}" + if [ "$ONEDIR_REV" != "latest" ]; then + # 3006.x is default + REPO_REV_MAJOR=$(echo "$ONEDIR_REV" | cut -d '.' -f 1) + if [ "$REPO_REV_MAJOR" -eq "3007" ]; then + # Enable the Salt 3007 STS repo + dnf config-manager --set-disable salt-repo-* + dnf config-manager --set-enabled salt-repo-3007-sts + fi + else + # Enable the Salt LATEST repo + dnf config-manager --set-disable salt-repo-* + dnf config-manager --set-enabled salt-repo-latest fi + dnf clean expire-cache || return 1 - __fetch_url "${REPO_FILE}" "${FETCH_URL}.repo" - - __rpm_import_gpg "${FETCH_URL}/${GPG_KEY}" || return 1 - - yum clean metadata || return 1 - elif [ "$REPO_REV" != "latest" ]; then + elif [ "$ONEDIR_REV" != "latest" ]; then echowarn "salt.repo already exists, ignoring salt version argument." - echowarn "Use -F (forced overwrite) to install $REPO_REV." + echowarn "Use -F (forced overwrite) to install $ONEDIR_REV." fi return 0 } install_fedora_deps() { + if [ "$_UPGRADE_SYS" -eq $BS_TRUE ]; then dnf -y update || return 1 fi __PACKAGES="${__PACKAGES:=}" - if [ -n "$_PY_EXE" ] && [ "$_PY_MAJOR_VERSION" -lt 3 ]; then - echoerror "There are no Python 2 stable packages for Fedora, only Py3 packages" + if [ -n "$_PY_EXE" ] && [ "$_PY_MAJOR_VERSION" -ne 3 ]; then + echoerror "Python version is no longer supported, only Python 3" return 1 fi # Salt on Fedora is Py3 PY_PKG_VER=3 + ## find no dnf-utils in Fedora packaging archives and yum-utils EL7 and F30, none after + ## but find it on 8 and 9 Centos Stream __PACKAGES="${__PACKAGES} dnf-utils libyaml procps-ng python${PY_PKG_VER}-crypto python${PY_PKG_VER}-jinja2" __PACKAGES="${__PACKAGES} python${PY_PKG_VER}-msgpack python${PY_PKG_VER}-requests python${PY_PKG_VER}-zmq" __PACKAGES="${__PACKAGES} python${PY_PKG_VER}-pip python${PY_PKG_VER}-m2crypto python${PY_PKG_VER}-pyyaml" @@ -4313,84 +3915,11 @@ install_fedora_deps() { return 0 } -install_fedora_stable() { - if [ "$STABLE_REV" = "latest" ]; then - __SALT_VERSION="" - else - __SALT_VERSION="$(dnf list --showduplicates salt | grep "$STABLE_REV" | head -n 1 | awk '{print $2}')" - if [ "x${__SALT_VERSION}" = "x" ]; then - echoerror "Could not find a stable install for Salt ${STABLE_REV}" - exit 1 - fi - echoinfo "Installing Stable Package Version ${__SALT_VERSION}" - __SALT_VERSION="-${__SALT_VERSION}" - fi - __PACKAGES="" - - if [ "$_INSTALL_CLOUD" -eq $BS_TRUE ];then - __PACKAGES="${__PACKAGES} salt-cloud${__SALT_VERSION}" - fi - if [ "$_INSTALL_MASTER" -eq $BS_TRUE ]; then - __PACKAGES="${__PACKAGES} salt-master${__SALT_VERSION}" - fi - if [ "$_INSTALL_MINION" -eq $BS_TRUE ]; then - __PACKAGES="${__PACKAGES} salt-minion${__SALT_VERSION}" - fi - if [ "$_INSTALL_SYNDIC" -eq $BS_TRUE ]; then - __PACKAGES="${__PACKAGES} salt-syndic${__SALT_VERSION}" - fi - - # shellcheck disable=SC2086 - __dnf_install_noinput ${__PACKAGES} || return 1 - - __python="python3" - if ! __check_command_exists python3; then - echoerror "Could not find a python3 binary?!" - return 1 - fi - - if [ "${_POST_NEON_INSTALL}" -eq $BS_FALSE ]; then - __check_pip_allowed "You need to allow pip based installations (-P) for Tornado <5.0 in order to install Salt" - __installed_tornado_rpm=$(rpm -qa | grep python${PY_PKG_VER}-tornado) - if [ -n "${__installed_tornado_rpm}" ]; then - echodebug "Removing system package ${__installed_tornado_rpm}" - rpm -e --nodeps "${__installed_tornado_rpm}" || return 1 - fi - __get_site_packages_dir_code=$(cat << EOM -import site -print([d for d in site.getsitepackages() if d.startswith('/usr/lib/python')][0]) -EOM -) - __target_path=$(${__python} -c "${__get_site_packages_dir_code}") - echodebug "Running '${__python}' -m pip install --target ${__target_path} 'tornado<5.0'" - "${__python}" -m pip install --target "${__target_path}" "tornado<5" || return 1 - fi - - return 0 -} - -install_fedora_stable_post() { - for fname in api master minion syndic; do - # Skip salt-api since the service should be opt-in and not necessarily started on boot - [ $fname = "api" ] && continue - - # Skip if not meant to be installed - [ $fname = "master" ] && [ "$_INSTALL_MASTER" -eq $BS_FALSE ] && continue - [ $fname = "minion" ] && [ "$_INSTALL_MINION" -eq $BS_FALSE ] && continue - [ $fname = "syndic" ] && [ "$_INSTALL_SYNDIC" -eq $BS_FALSE ] && continue - - systemctl is-enabled salt-$fname.service || (systemctl preset salt-$fname.service && systemctl enable salt-$fname.service) - sleep 1 - systemctl daemon-reload - done -} - install_fedora_git_deps() { - if [ -n "$_PY_EXE" ] && [ "$_PY_MAJOR_VERSION" -eq 3 ]; then - # Packages are named python3- - PY_PKG_VER=3 - else - PY_PKG_VER=2 + + if [ -n "$_PY_EXE" ] && [ "$_PY_MAJOR_VERSION" -ne 3 ]; then + echoerror "Python version is no longer supported, only Python 3" + return 1 fi __PACKAGES="" @@ -4409,79 +3938,40 @@ install_fedora_git_deps() { __git_clone_and_checkout || return 1 - if [ "${_POST_NEON_INSTALL}" -eq $BS_FALSE ]; then - - if [ "$_INSECURE_DL" -eq $BS_FALSE ] && [ "${_SALT_REPO_URL%%://*}" = "https" ]; then - __PACKAGES="${__PACKAGES} ca-certificates" - fi - if [ "$_INSTALL_CLOUD" -eq $BS_TRUE ]; then - __PACKAGES="${__PACKAGES} python${PY_PKG_VER}-libcloud python${PY_PKG_VER}-netaddr" - fi - - install_fedora_deps || return 1 - - if [ -n "$_PY_EXE" ] && [ "$_PY_MAJOR_VERSION" -eq 3 ]; then - if __check_command_exists python3; then - __python="python3" - fi - elif [ -n "$_PY_EXE" ] && [ "$_PY_MAJOR_VERSION" -eq 2 ]; then - if __check_command_exists python2; then - __python="python2" - fi - else - if ! __check_command_exists python; then - echoerror "Unable to find a python binary?!" - return 1 - fi - # Let's hope it's the right one - __python="python" - fi - - grep tornado "${_SALT_GIT_CHECKOUT_DIR}/requirements/base.txt" | while IFS=' - ' read -r dep; do - echodebug "Running '${__python}' -m pip install '${dep}'" - "${__python}" -m pip install "${dep}" || return 1 - done - else - __PACKAGES="python${PY_PKG_VER}-devel python${PY_PKG_VER}-pip python${PY_PKG_VER}-setuptools gcc" - if [ "${DISTRO_VERSION}" -ge 35 ]; then - __PACKAGES="${__PACKAGES} gcc-c++" - fi - # shellcheck disable=SC2086 - __dnf_install_noinput ${__PACKAGES} || return 1 - fi + __PACKAGES="python${PY_PKG_VER}-devel python${PY_PKG_VER}-pip python${PY_PKG_VER}-setuptools gcc gcc-c++" + # shellcheck disable=SC2086 + __dnf_install_noinput ${__PACKAGES} || return 1 # Let's trigger config_salt() if [ "$_TEMP_CONFIG_DIR" = "null" ]; then - _TEMP_CONFIG_DIR="${_SALT_GIT_CHECKOUT_DIR}/conf/" + _TEMP_CONFIG_DIR="${_SALT_GIT_CHECKOUT_DIR}/conf" CONFIG_SALT_FUNC="config_salt" fi + _fedora_dep="contextvars" + echodebug "Running '${_PY_EXE} -m pip install --upgrade ${_fedora_dep}'" + ${_PY_EXE} -m pip install --upgrade "${_fedora_dep}" + return 0 } install_fedora_git() { + if [ "${_PY_EXE}" != "" ]; then _PYEXE=${_PY_EXE} echoinfo "Using the following python version: ${_PY_EXE} to install salt" else - _PYEXE='python2' + echoerror "Python 2 is no longer supported, only Py3 packages" + return 1 fi - if [ "${_POST_NEON_INSTALL}" -eq $BS_TRUE ]; then - __install_salt_from_repo_post_neon "${_PY_EXE}" || return 1 - return 0 - fi - - if [ -f "${_SALT_GIT_CHECKOUT_DIR}/salt/syspaths.py" ]; then - ${_PYEXE} setup.py --salt-config-dir="$_SALT_ETC_DIR" --salt-cache-dir="${_SALT_CACHE_DIR}" ${SETUP_PY_INSTALL_ARGS} install --prefix=/usr || return 1 - else - ${_PYEXE} setup.py ${SETUP_PY_INSTALL_ARGS} install --prefix=/usr || return 1 - fi + __install_salt_from_repo "${_PY_EXE}" || return 1 return 0 + } install_fedora_git_post() { + for fname in api master minion syndic; do # Skip if not meant to be installed [ $fname = "api" ] && \ @@ -4509,10 +3999,12 @@ install_fedora_git_post() { systemctl is-enabled salt-$fname.service || (systemctl preset salt-$fname.service && systemctl enable salt-$fname.service) sleep 1 systemctl daemon-reload + done } install_fedora_restart_daemons() { + [ $_START_DAEMONS -eq $BS_FALSE ] && return for fname in api master minion syndic; do @@ -4535,6 +4027,7 @@ install_fedora_restart_daemons() { } install_fedora_check_services() { + for fname in api master minion syndic; do # Skip salt-api since the service should be opt-in and not necessarily started on boot [ $fname = "api" ] && continue @@ -4567,19 +4060,13 @@ install_fedora_onedir_deps() { fi # If -R was passed, we need to configure custom repo url with rsync-ed packages - # Which is still handled in __install_saltstack_rhel_repository. This call has + # Which is still handled in __install_saltstack_rhel_onedir_repository. This call has # its own check in case -r was passed without -R. if [ "$_CUSTOM_REPO_URL" != "null" ]; then __install_saltstack_fedora_onedir_repository || return 1 fi - if [ "$DISTRO_MAJOR_VERSION" -ge 8 ]; then - __PACKAGES="dnf-utils chkconfig" - else - __PACKAGES="yum-utils chkconfig" - fi - - __PACKAGES="${__PACKAGES} procps" + __PACKAGES="dnf-utils chkconfig procps-ng" # shellcheck disable=SC2086 __yum_install_noinput ${__PACKAGES} || return 1 @@ -4596,6 +4083,7 @@ install_fedora_onedir_deps() { install_fedora_onedir() { + STABLE_REV=$ONEDIR_REV #install_fedora_stable || return 1 @@ -4614,6 +4102,10 @@ install_fedora_onedir() { __PACKAGES="${__PACKAGES} salt-syndic" fi + if [ "$_INSTALL_SALT_API" -eq $BS_TRUE ]; then + __PACKAGES="${__PACKAGES} salt-api" + fi + # shellcheck disable=SC2086 __yum_install_noinput ${__PACKAGES} || return 1 @@ -4621,11 +4113,26 @@ install_fedora_onedir() { } install_fedora_onedir_post() { + STABLE_REV=$ONEDIR_REV - install_fedora_stable_post || return 1 + + for fname in api master minion syndic; do + # Skip salt-api since the service should be opt-in and not necessarily started on boot + [ $fname = "api" ] && continue + + # Skip if not meant to be installed + [ $fname = "master" ] && [ "$_INSTALL_MASTER" -eq $BS_FALSE ] && continue + [ $fname = "minion" ] && [ "$_INSTALL_MINION" -eq $BS_FALSE ] && continue + [ $fname = "syndic" ] && [ "$_INSTALL_SYNDIC" -eq $BS_FALSE ] && continue + + systemctl is-enabled salt-$fname.service || (systemctl preset salt-$fname.service && systemctl enable salt-$fname.service) + sleep 1 + systemctl daemon-reload + done return 0 } + # # Ended Fedora Install Functions # @@ -4635,133 +4142,40 @@ install_fedora_onedir_post() { # # CentOS Install Functions # -__install_saltstack_rhel_repository() { - if [ "${DISTRO_MAJOR_VERSION}" -ge 9 ]; then - echoerror "Old stable repository unavailable on RH variants greater than or equal to 9" - echoerror "Use the stable install type." - exit 1 - fi - - if [ "$ITYPE" = "stable" ]; then - repo_rev="$STABLE_REV" - else - repo_rev="latest" - fi - - __PY_VERSION_REPO="yum" - if [ -n "$_PY_EXE" ] && [ "$_PY_MAJOR_VERSION" -eq 3 ]; then - __PY_VERSION_REPO="py3" - fi - - # Avoid using '$releasever' variable for yum. - # Instead, this should work correctly on all RHEL variants. - base_url="${HTTP_VAL}://${_REPO_URL}/${__PY_VERSION_REPO}/redhat/${DISTRO_MAJOR_VERSION}/\$basearch/${repo_rev}/" - if [ "${DISTRO_MAJOR_VERSION}" -eq 7 ]; then - gpg_key="SALTSTACK-GPG-KEY.pub base/RPM-GPG-KEY-CentOS-7" - elif [ "${DISTRO_MAJOR_VERSION}" -ge 9 ]; then - gpg_key="SALTSTACK-GPG-KEY2.pub" - else - gpg_key="SALTSTACK-GPG-KEY.pub" - fi - - gpg_key_urls="" - for key in $gpg_key; do - gpg_key_urls=$(printf "${base_url}${key},%s" "$gpg_key_urls") - done - - repo_file="/etc/yum.repos.d/salt.repo" - - if [ ! -s "$repo_file" ] || [ "$_FORCE_OVERWRITE" -eq $BS_TRUE ]; then - cat <<_eof > "$repo_file" -[saltstack] -name=SaltStack ${repo_rev} Release Channel for RHEL/CentOS \$releasever -baseurl=${base_url} -skip_if_unavailable=True -gpgcheck=1 -gpgkey=${gpg_key_urls} -enabled=1 -enabled_metadata=1 -_eof - - fetch_url="${HTTP_VAL}://${_REPO_URL}/${__PY_VERSION_REPO}/redhat/${DISTRO_MAJOR_VERSION}/${CPU_ARCH_L}/${repo_rev}/" - for key in $gpg_key; do - __rpm_import_gpg "${fetch_url}${key}" || return 1 - done - - yum clean metadata || return 1 - elif [ "$repo_rev" != "latest" ]; then - echowarn "salt.repo already exists, ignoring salt version argument." - echowarn "Use -F (forced overwrite) to install $repo_rev." - fi - - return 0 -} - __install_saltstack_rhel_onedir_repository() { - if [ "$ITYPE" = "stable" ]; then - repo_rev="$ONEDIR_REV" - else - repo_rev="latest" + + if [ -n "$_PY_EXE" ] && [ "$_PY_MAJOR_VERSION" -ne 3 ]; then + echoerror "Python version is no longer supported, only Python 3" + return 1 fi - __PY_VERSION_REPO="yum" - if [ -n "$_PY_EXE" ] && [ "$_PY_MAJOR_VERSION" -eq 3 ]; then - __PY_VERSION_REPO="py3" - fi - - # Avoid using '$releasever' variable for yum. - # Instead, this should work correctly on all RHEL variants. - base_url="${HTTP_VAL}://${_REPO_URL}/${_ONEDIR_DIR}/${__PY_VERSION_REPO}/redhat/${DISTRO_MAJOR_VERSION}/\$basearch/${ONEDIR_REV}/" - if [ "${ONEDIR_REV}" = "nightly" ] ; then - base_url="${HTTP_VAL}://${_REPO_URL}/${_ONEDIR_NIGHTLY_DIR}/${__PY_VERSION_REPO}/redhat/${DISTRO_MAJOR_VERSION}/\$basearch/" - fi - if [ "$(echo "${ONEDIR_REV}" | grep -E '(3004|3005)')" != "" ] || [ "${ONEDIR_REV}" = "nightly" ]; then - if [ "${DISTRO_MAJOR_VERSION}" -eq 9 ]; then - gpg_key="SALTSTACK-GPG-KEY2.pub" - else - gpg_key="SALTSTACK-GPG-KEY.pub" - fi - else - gpg_key="SALT-PROJECT-GPG-PUBKEY-2023.pub" - fi - - gpg_key_urls="" - for key in $gpg_key; do - gpg_key_urls=$(printf "${base_url}${key},%s" "$gpg_key_urls") - done - - repo_file="/etc/yum.repos.d/salt.repo" - - if [ ! -s "$repo_file" ] || [ "$_FORCE_OVERWRITE" -eq $BS_TRUE ]; then - cat <<_eof > "$repo_file" -[saltstack] -name=SaltStack ${repo_rev} Release Channel for RHEL/CentOS \$releasever -baseurl=${base_url} -skip_if_unavailable=True -gpgcheck=1 -gpgkey=${gpg_key_urls} -enabled=1 -enabled_metadata=1 -_eof - - fetch_url="${HTTP_VAL}://${_REPO_URL}/${_ONEDIR_DIR}/${__PY_VERSION_REPO}/redhat/${DISTRO_MAJOR_VERSION}/${CPU_ARCH_L}/${ONEDIR_REV}/" - if [ "${ONEDIR_REV}" = "nightly" ] ; then - fetch_url="${HTTP_VAL}://${_REPO_URL}/${_ONEDIR_NIGHTLY_DIR}/${__PY_VERSION_REPO}/redhat/${DISTRO_MAJOR_VERSION}/${CPU_ARCH_L}/" + if [ ! -s "$YUM_REPO_FILE" ] || [ "$_FORCE_OVERWRITE" -eq $BS_TRUE ]; then + FETCH_URL="https://github.com/saltstack/salt-install-guide/releases/latest/download/salt.repo" + __fetch_url "${YUM_REPO_FILE}" "${FETCH_URL}" + if [ "$ONEDIR_REV" != "latest" ]; then + # 3006.x is default + REPO_REV_MAJOR=$(echo "$ONEDIR_REV" | cut -d '.' -f 1) + if [ "$REPO_REV_MAJOR" -eq "3007" ]; then + # Enable the Salt 3007 STS repo + dnf config-manager --set-disable salt-repo-* + dnf config-manager --set-enabled salt-repo-3007-sts + fi + else + # Enable the Salt LATEST repo + dnf config-manager --set-disable salt-repo-* + dnf config-manager --set-enabled salt-repo-latest fi - for key in $gpg_key; do - __rpm_import_gpg "${fetch_url}${key}" || return 1 - done - - yum clean metadata || return 1 - elif [ "$repo_rev" != "latest" ]; then + dnf clean expire-cache || return 1 + elif [ "$ONEDIR_REV" != "latest" ]; then echowarn "salt.repo already exists, ignoring salt version argument." - echowarn "Use -F (forced overwrite) to install $repo_rev." + echowarn "Use -F (forced overwrite) to install $ONEDIR_REV." fi return 0 } install_centos_stable_deps() { + if [ "$_UPGRADE_SYS" -eq $BS_TRUE ]; then yum -y update || return 1 fi @@ -4773,48 +4187,18 @@ install_centos_stable_deps() { fi if [ "$_DISABLE_REPOS" -eq "$BS_FALSE" ]; then - __install_saltstack_rhel_repository || return 1 + echoerror "old-stable packages are no longer supported and are End-Of-Life." + return 1 fi # If -R was passed, we need to configure custom repo url with rsync-ed packages - # Which is still handled in __install_saltstack_rhel_repository. This call has + # Which is still handled in __install_saltstack_rhel_onedir_repository. This call has # its own check in case -r was passed without -R. if [ "$_CUSTOM_REPO_URL" != "null" ]; then - __install_saltstack_rhel_repository || return 1 + __install_saltstack_rhel_onedir_repository || return 1 fi - if [ "$DISTRO_MAJOR_VERSION" -ge 8 ]; then - __PACKAGES="dnf-utils chkconfig" - else - __PACKAGES="yum-utils chkconfig" - fi - - if [ "${_POST_NEON_INSTALL}" -eq $BS_FALSE ]; then - if [ "$DISTRO_MAJOR_VERSION" -ge 8 ]; then - # YAML module is used for generating custom master/minion configs - if [ -n "$_PY_EXE" ] && [ "$_PY_MAJOR_VERSION" -eq 3 ]; then - __PACKAGES="${__PACKAGES} python3-pyyaml python3-setuptools" - else - __PACKAGES="${__PACKAGES} python2-pyyaml" - fi - elif [ "$DISTRO_MAJOR_VERSION" -eq 7 ]; then - # YAML module is used for generating custom master/minion configs - if [ -n "$_PY_EXE" ] && [ "$_PY_MAJOR_VERSION" -eq 3 ]; then - __PACKAGES="${__PACKAGES} python36-PyYAML python36-setuptools" - else - __PACKAGES="${__PACKAGES} PyYAML" - fi - else - # YAML module is used for generating custom master/minion configs - if [ -n "$_PY_EXE" ] && [ "$_PY_MAJOR_VERSION" -eq 3 ]; then - __PACKAGES="${__PACKAGES} python34-PyYAML python34-setuptools" - else - __PACKAGES="${__PACKAGES} PyYAML" - fi - fi - fi - - __PACKAGES="${__PACKAGES} procps" + __PACKAGES="yum-utils chkconfig procps-ng findutils" # shellcheck disable=SC2086 __yum_install_noinput ${__PACKAGES} || return 1 @@ -4825,11 +4209,11 @@ install_centos_stable_deps() { __yum_install_noinput ${_EXTRA_PACKAGES} || return 1 fi - return 0 } install_centos_stable() { + __PACKAGES="" if [ "$_INSTALL_CLOUD" -eq $BS_TRUE ];then @@ -4845,6 +4229,10 @@ install_centos_stable() { __PACKAGES="${__PACKAGES} salt-syndic" fi + if [ "$_INSTALL_SALT_API" -eq $BS_TRUE ]; then + __PACKAGES="${__PACKAGES} salt-api" + fi + # shellcheck disable=SC2086 __yum_install_noinput ${__PACKAGES} || return 1 @@ -4859,6 +4247,7 @@ install_centos_stable() { } install_centos_stable_post() { + SYSTEMD_RELOAD=$BS_FALSE for fname in api master minion syndic; do @@ -4870,7 +4259,7 @@ install_centos_stable_post() { [ $fname = "minion" ] && [ "$_INSTALL_MINION" -eq $BS_FALSE ] && continue [ $fname = "syndic" ] && [ "$_INSTALL_SYNDIC" -eq $BS_FALSE ] && continue - if [ -f /bin/systemctl ]; then + if [ "$_SYSTEMD_FUNCTIONAL" -eq $BS_TRUE ]; then /bin/systemctl is-enabled salt-${fname}.service > /dev/null 2>&1 || ( /bin/systemctl preset salt-${fname}.service > /dev/null 2>&1 && /bin/systemctl enable salt-${fname}.service > /dev/null 2>&1 @@ -4890,14 +4279,14 @@ install_centos_stable_post() { } install_centos_git_deps() { + # First try stable deps then fall back to onedir deps if that one fails # if we're installing on a Red Hat based host that doesn't have the classic # package repos available. # Set ONEDIR_REV to STABLE_REV in case we # end up calling install_centos_onedir_deps ONEDIR_REV=${STABLE_REV} - install_centos_onedir_deps || \ - return 1 + install_centos_onedir_deps || return 1 if [ "$_INSECURE_DL" -eq $BS_FALSE ] && [ "${_SALT_REPO_URL%%://*}" = "https" ]; then __yum_install_noinput ca-certificates || return 1 @@ -4912,111 +4301,23 @@ install_centos_git_deps() { __PACKAGES="" if [ -n "$_PY_EXE" ] && [ "$_PY_MAJOR_VERSION" -eq 3 ]; then - if [ "$DISTRO_MAJOR_VERSION" -ge 8 ]; then - # Packages are named python3- - PY_PKG_VER=3 - __PACKAGES="${__PACKAGES} python3" - else - # Packages are named python36- - PY_PKG_VER=36 - __PACKAGES="${__PACKAGES} python36" - fi + # Packages are named python3- + PY_PKG_VER=3 + __PACKAGES="${__PACKAGES} python3" else - PY_PKG_VER="" - if [ "$DISTRO_MAJOR_VERSION" -ge 8 ]; then - __PACKAGES="${__PACKAGES} python2" - elif [ "$DISTRO_MAJOR_VERSION" -eq 6 ]; then - PY_PKG_VER=27 - __PACKAGES="${__PACKAGES} python27" - else - __PACKAGES="${__PACKAGES} python" - fi + echoerror "Python 2 is no longer supported, only Python 3" + return 1 fi - if [ "${_POST_NEON_INSTALL}" -eq $BS_FALSE ]; then - _install_m2crypto_req=false - if [ -n "$_PY_EXE" ] && [ "$_PY_MAJOR_VERSION" -eq 3 ]; then - _py=${_PY_EXE} - if [ "$DISTRO_MAJOR_VERSION" -gt 6 ]; then - _install_m2crypto_req=true - fi - else - if [ "$DISTRO_MAJOR_VERSION" -eq 6 ]; then - _install_m2crypto_req=true - fi - _py="python" + __PACKAGES="${__PACKAGES} python${PY_PKG_VER}-devel python${PY_PKG_VER}-pip python${PY_PKG_VER}-setuptools gcc" - # Only Py2 needs python-futures - __PACKAGES="${__PACKAGES} python-futures" + # shellcheck disable=SC2086 + __yum_install_noinput ${__PACKAGES} || return 1 - # There is no systemd-python3 package as of this writing - if [ "$DISTRO_MAJOR_VERSION" -ge 7 ]; then - __PACKAGES="${__PACKAGES} systemd-python" - fi - fi - - if [ "$DISTRO_MAJOR_VERSION" -ge 8 ]; then - __install_tornado_pip ${_py} || return 1 - __PACKAGES="${__PACKAGES} python3-m2crypto" - else - __PACKAGES="${__PACKAGES} m2crypto python${PY_PKG_VER}-crypto" - fi - - __PACKAGES="${__PACKAGES} python${PY_PKG_VER}-jinja2" - __PACKAGES="${__PACKAGES} python${PY_PKG_VER}-msgpack python${PY_PKG_VER}-requests" - __PACKAGES="${__PACKAGES} python${PY_PKG_VER}-tornado python${PY_PKG_VER}-zmq" - - if [ "$_INSTALL_CLOUD" -eq $BS_TRUE ]; then - __PACKAGES="${__PACKAGES} python${PY_PKG_VER}-libcloud" - fi - - if [ "${_INSTALL_PY}" -eq "${BS_TRUE}" ]; then - # Install Python if "-y" was passed in. - __install_python || return 1 - fi - - if [ "${_PY_EXE}" != "" ] && [ "$_PIP_ALLOWED" -eq "$BS_TRUE" ]; then - # If "-x" is defined, install dependencies with pip based on the Python version given. - _PIP_PACKAGES="m2crypto!=0.33.0 jinja2 msgpack-python pycrypto PyYAML tornado<5.0 zmq futures>=2.0" - - # install swig and openssl on cent6 - if $_install_m2crypto_req; then - __yum_install_noinput openssl-devel swig || return 1 - fi - - if [ -f "${_SALT_GIT_CHECKOUT_DIR}/requirements/base.txt" ]; then - # Filter out any commented lines from the requirements file - _REQ_LINES="$(grep '^[^#]' "${_SALT_GIT_CHECKOUT_DIR}/requirements/base.txt")" - for SINGLE_PACKAGE in ${_PIP_PACKAGES}; do - __REQUIRED_VERSION="$(grep "${SINGLE_PACKAGE}" "${_REQ_LINES}")" - if [ "${__REQUIRED_VERSION}" != "" ]; then - _PIP_PACKAGES=$(echo "$_PIP_PACKAGES" | sed "s/${SINGLE_PACKAGE}/${__REQUIRED_VERSION}/") - fi - done - fi - - if [ "$_INSTALL_CLOUD" -eq "${BS_TRUE}" ]; then - _PIP_PACKAGES="${_PIP_PACKAGES} apache-libcloud" - fi - - __install_pip_pkgs "${_PIP_PACKAGES}" "${_PY_EXE}" || return 1 - else - # shellcheck disable=SC2086 - __yum_install_noinput ${__PACKAGES} || return 1 - fi - else - if [ "${_INSTALL_PY}" -eq "${BS_TRUE}" ] && [ "$DISTRO_MAJOR_VERSION" -lt 8 ]; then - # Install Python if "-y" was passed in. - __install_python || return 1 - fi - __PACKAGES="${__PACKAGES} python${PY_PKG_VER}-devel python${PY_PKG_VER}-pip python${PY_PKG_VER}-setuptools gcc" - # shellcheck disable=SC2086 - __yum_install_noinput ${__PACKAGES} || return 1 - fi # Let's trigger config_salt() if [ "$_TEMP_CONFIG_DIR" = "null" ]; then - _TEMP_CONFIG_DIR="${_SALT_GIT_CHECKOUT_DIR}/conf/" + _TEMP_CONFIG_DIR="${_SALT_GIT_CHECKOUT_DIR}/conf" CONFIG_SALT_FUNC="config_salt" fi @@ -5024,29 +4325,23 @@ install_centos_git_deps() { } install_centos_git() { + if [ "${_PY_EXE}" != "" ]; then _PYEXE=${_PY_EXE} echoinfo "Using the following python version: ${_PY_EXE} to install salt" else - _PYEXE='python2' + echoerror "Python 2 is no longer supported, only Python 3" + return 1 fi echodebug "_PY_EXE: $_PY_EXE" - if [ "${_POST_NEON_INSTALL}" -eq $BS_TRUE ]; then - __install_salt_from_repo_post_neon "${_PY_EXE}" || return 1 - return 0 - fi - - if [ -f "${_SALT_GIT_CHECKOUT_DIR}/salt/syspaths.py" ]; then - $_PYEXE setup.py --salt-config-dir="$_SALT_ETC_DIR" --salt-cache-dir="${_SALT_CACHE_DIR}" ${SETUP_PY_INSTALL_ARGS} install --prefix=/usr || return 1 - else - $_PYEXE setup.py ${SETUP_PY_INSTALL_ARGS} install --prefix=/usr || return 1 - fi + __install_salt_from_repo "${_PY_EXE}" || return 1 return 0 } install_centos_git_post() { + SYSTEMD_RELOAD=$BS_FALSE for fname in api master minion syndic; do @@ -5063,7 +4358,8 @@ install_centos_git_post() { else _SERVICE_FILE="${_SALT_GIT_CHECKOUT_DIR}/pkg/rpm/salt-${fname}.service" fi - if [ -f /bin/systemctl ]; then + + if [ "$_SYSTEMD_FUNCTIONAL" -eq $BS_TRUE ]; then if [ ! -f "/usr/lib/systemd/system/salt-${fname}.service" ] || \ { [ -f "/usr/lib/systemd/system/salt-${fname}.service" ] && [ "$_FORCE_OVERWRITE" -eq $BS_TRUE ]; }; then __copyfile "${_SERVICE_FILE}" /usr/lib/systemd/system @@ -5087,7 +4383,8 @@ install_centos_git_post() { } install_centos_onedir_deps() { - if [ "$_UPGRADE_SYS" -eq $BS_TRUE ]; then + + if [ "$_UPGRADE_SYS" -eq "$BS_TRUE" ]; then yum -y update || return 1 fi @@ -5102,19 +4399,13 @@ install_centos_onedir_deps() { fi # If -R was passed, we need to configure custom repo url with rsync-ed packages - # Which is still handled in __install_saltstack_rhel_repository. This call has - # its own check in case -r was passed without -R. + # Which was still handled in __install_saltstack_rhel_repository, which was for old-stable which + # is removed since End-Of-Life. This call has its own check in case -r was passed without -R. if [ "$_CUSTOM_REPO_URL" != "null" ]; then __install_saltstack_rhel_onedir_repository || return 1 fi - if [ "$DISTRO_MAJOR_VERSION" -ge 8 ]; then - __PACKAGES="dnf-utils chkconfig" - else - __PACKAGES="yum-utils chkconfig" - fi - - __PACKAGES="${__PACKAGES} procps" + __PACKAGES="yum-utils chkconfig procps-ng findutils" # shellcheck disable=SC2086 __yum_install_noinput ${__PACKAGES} || return 1 @@ -5125,48 +4416,39 @@ install_centos_onedir_deps() { __yum_install_noinput ${_EXTRA_PACKAGES} || return 1 fi - return 0 } -# This function has been modified to allow for specific versions to be installed -# when not using the salt repo install_centos_onedir() { + yum clean metadata + yum makecache + __PACKAGES="" - local cloud='salt-cloud' - local master='salt-master' - local minion='salt-minion' - local syndic='salt-syndic' - local ver="$_ONEDIR_REV" - - if [ ! -z $ver ]; then - cloud+="-$ver" - master+="-$ver" - minion+="-$ver" - syndic+="-$ver" - fi - if [ "$_INSTALL_CLOUD" -eq $BS_TRUE ];then - __PACKAGES="${__PACKAGES} $cloud" + __PACKAGES="${__PACKAGES} salt-cloud-${STABLE_REV}" fi if [ "$_INSTALL_MASTER" -eq $BS_TRUE ];then - __PACKAGES="${__PACKAGES} $master" + __PACKAGES="${__PACKAGES} salt-master-${STABLE_REV}" fi if [ "$_INSTALL_MINION" -eq $BS_TRUE ]; then - __PACKAGES="${__PACKAGES} $minion" + __PACKAGES="${__PACKAGES} salt-minion-${STABLE_REV}" fi if [ "$_INSTALL_SYNDIC" -eq $BS_TRUE ];then - __PACKAGES="${__PACKAGES} $syndic" + __PACKAGES="${__PACKAGES} salt-syndic-${STABLE_REV}" + fi + + if [ "$_INSTALL_SALT_API" -eq $BS_TRUE ]; then + __PACKAGES="${__PACKAGES} salt-api-${STABLE_REV}" fi # shellcheck disable=SC2086 __yum_install_noinput ${__PACKAGES} || return 1 - return 0 } install_centos_onedir_post() { + SYSTEMD_RELOAD=$BS_FALSE for fname in api master minion syndic; do @@ -5178,7 +4460,7 @@ install_centos_onedir_post() { [ $fname = "minion" ] && [ "$_INSTALL_MINION" -eq $BS_FALSE ] && continue [ $fname = "syndic" ] && [ "$_INSTALL_SYNDIC" -eq $BS_FALSE ] && continue - if [ -f /bin/systemctl ]; then + if [ "$_SYSTEMD_FUNCTIONAL" -eq $BS_TRUE ]; then /bin/systemctl is-enabled salt-${fname}.service > /dev/null 2>&1 || ( /bin/systemctl preset salt-${fname}.service > /dev/null 2>&1 && /bin/systemctl enable salt-${fname}.service > /dev/null 2>&1 @@ -5198,7 +4480,8 @@ install_centos_onedir_post() { } install_centos_restart_daemons() { - [ $_START_DAEMONS -eq $BS_FALSE ] && return + + [ "$_START_DAEMONS" -eq $BS_FALSE ] && return for fname in api master minion syndic; do # Skip salt-api since the service should be opt-in and not necessarily started on boot @@ -5209,26 +4492,11 @@ install_centos_restart_daemons() { [ $fname = "minion" ] && [ "$_INSTALL_MINION" -eq $BS_FALSE ] && continue [ $fname = "syndic" ] && [ "$_INSTALL_SYNDIC" -eq $BS_FALSE ] && continue - if [ -f /sbin/initctl ] && [ -f /etc/init/salt-${fname}.conf ]; then - # We have upstart support and upstart knows about our service - if ! /sbin/initctl status salt-$fname > /dev/null 2>&1; then - # Everything is in place and upstart gave us an error code? Fail! - return 1 - fi - - # upstart knows about this service. - # Let's try to stop it, and then start it - /sbin/initctl stop salt-$fname > /dev/null 2>&1 - # Restart service - if ! /sbin/initctl start salt-$fname > /dev/null 2>&1; then - # Failed the restart?! - return 1 - fi - elif [ -f /etc/init.d/salt-$fname ]; then + if [ -f /etc/init.d/salt-$fname ]; then # Disable stdin to fix shell session hang on killing tee pipe service salt-$fname stop < /dev/null > /dev/null 2>&1 service salt-$fname start < /dev/null - elif [ -f /usr/bin/systemctl ]; then + elif [ "$_SYSTEMD_FUNCTIONAL" -eq $BS_TRUE ]; then # CentOS 7 uses systemd /usr/bin/systemctl stop salt-$fname > /dev/null 2>&1 /usr/bin/systemctl start salt-$fname.service && continue @@ -5242,21 +4510,25 @@ install_centos_restart_daemons() { } install_centos_testing_deps() { + install_centos_stable_deps || return 1 return 0 } install_centos_testing() { + install_centos_stable || return 1 return 0 } install_centos_testing_post() { + install_centos_stable_post || return 1 return 0 } install_centos_check_services() { + for fname in api master minion syndic; do # Skip salt-api since the service should be opt-in and not necessarily started on boot [ $fname = "api" ] && continue @@ -5266,12 +4538,10 @@ install_centos_check_services() { [ $fname = "master" ] && [ "$_INSTALL_MASTER" -eq $BS_FALSE ] && continue [ $fname = "syndic" ] && [ "$_INSTALL_SYNDIC" -eq $BS_FALSE ] && continue - if [ -f /sbin/initctl ] && [ -f /etc/init/salt-${fname}.conf ]; then - __check_services_upstart salt-$fname || return 1 - elif [ -f /etc/init.d/salt-$fname ]; then - __check_services_sysvinit salt-$fname || return 1 - elif [ -f /usr/bin/systemctl ]; then - __check_services_systemd salt-$fname || return 1 + if [ -f "/etc/init.d/salt-$fname" ]; then + __check_services_sysvinit "salt-$fname" || return 1 + elif [ "$_SYSTEMD_FUNCTIONAL" -eq $BS_TRUE ]; then + __check_services_systemd "salt-$fname" || return 1 fi done @@ -5287,286 +4557,343 @@ install_centos_check_services() { # RedHat Install Functions # install_red_hat_linux_stable_deps() { + install_centos_stable_deps || return 1 return 0 } install_red_hat_linux_git_deps() { + install_centos_git_deps || return 1 return 0 } install_red_hat_linux_onedir_deps() { + install_centos_onedir_deps || return 1 return 0 } install_red_hat_enterprise_stable_deps() { + install_red_hat_linux_stable_deps || return 1 return 0 } install_red_hat_enterprise_git_deps() { + install_red_hat_linux_git_deps || return 1 return 0 } install_red_hat_enterprise_onedir_deps() { + install_red_hat_linux_onedir_deps || return 1 return 0 } install_red_hat_enterprise_linux_stable_deps() { + install_red_hat_linux_stable_deps || return 1 return 0 } install_red_hat_enterprise_linux_git_deps() { + install_red_hat_linux_git_deps || return 1 return 0 } install_red_hat_enterprise_linux_onedir_deps() { + install_red_hat_linux_onedir_deps || return 1 return 0 } install_red_hat_enterprise_server_stable_deps() { + install_red_hat_linux_stable_deps || return 1 return 0 } install_red_hat_enterprise_server_git_deps() { + install_red_hat_linux_git_deps || return 1 return 0 } install_red_hat_enterprise_server_onedir_deps() { + install_red_hat_linux_onedir_deps || return 1 return 0 } install_red_hat_enterprise_workstation_stable_deps() { + install_red_hat_linux_stable_deps || return 1 return 0 } install_red_hat_enterprise_workstation_git_deps() { + install_red_hat_linux_git_deps || return 1 return 0 } install_red_hat_enterprise_workstation_onedir_deps() { + install_red_hat_linux_timat_deps || return 1 return 0 } install_red_hat_linux_stable() { + install_centos_stable || return 1 return 0 } install_red_hat_linux_git() { + install_centos_git || return 1 return 0 } install_red_hat_linux_onedir() { + install_centos_onedir || return 1 return 0 } install_red_hat_enterprise_stable() { + install_red_hat_linux_stable || return 1 return 0 } install_red_hat_enterprise_git() { + install_red_hat_linux_git || return 1 return 0 } install_red_hat_enterprise_onedir() { + install_red_hat_linux_onedir || return 1 return 0 } install_red_hat_enterprise_linux_stable() { + install_red_hat_linux_stable || return 1 return 0 } install_red_hat_enterprise_linux_git() { + install_red_hat_linux_git || return 1 return 0 } install_red_hat_enterprise_linux_onedir() { + install_red_hat_linux_onedir || return 1 return 0 } install_red_hat_enterprise_server_stable() { + install_red_hat_linux_stable || return 1 return 0 } install_red_hat_enterprise_server_git() { + install_red_hat_linux_git || return 1 return 0 } install_red_hat_enterprise_server_onedir() { + install_red_hat_linux_onedir || return 1 return 0 } install_red_hat_enterprise_workstation_stable() { + install_red_hat_linux_stable || return 1 return 0 } install_red_hat_enterprise_workstation_git() { + install_red_hat_linux_git || return 1 return 0 } install_red_hat_enterprise_workstation_onedir() { + install_red_hat_linux_onedir || return 1 return 0 } install_red_hat_linux_stable_post() { + install_centos_stable_post || return 1 return 0 } install_red_hat_linux_restart_daemons() { + install_centos_restart_daemons || return 1 return 0 } install_red_hat_linux_git_post() { + install_centos_git_post || return 1 return 0 } install_red_hat_enterprise_stable_post() { + install_red_hat_linux_stable_post || return 1 return 0 } install_red_hat_enterprise_restart_daemons() { + install_red_hat_linux_restart_daemons || return 1 return 0 } install_red_hat_enterprise_git_post() { + install_red_hat_linux_git_post || return 1 return 0 } install_red_hat_enterprise_linux_stable_post() { + install_red_hat_linux_stable_post || return 1 return 0 } install_red_hat_enterprise_linux_restart_daemons() { + install_red_hat_linux_restart_daemons || return 1 return 0 } install_red_hat_enterprise_linux_git_post() { + install_red_hat_linux_git_post || return 1 return 0 } install_red_hat_enterprise_server_stable_post() { + install_red_hat_linux_stable_post || return 1 return 0 } install_red_hat_enterprise_server_restart_daemons() { + install_red_hat_linux_restart_daemons || return 1 return 0 } install_red_hat_enterprise_server_git_post() { + install_red_hat_linux_git_post || return 1 return 0 } install_red_hat_enterprise_workstation_stable_post() { + install_red_hat_linux_stable_post || return 1 return 0 } install_red_hat_enterprise_workstation_restart_daemons() { + install_red_hat_linux_restart_daemons || return 1 return 0 } install_red_hat_enterprise_workstation_git_post() { + install_red_hat_linux_git_post || return 1 return 0 } install_red_hat_linux_testing_deps() { + install_centos_testing_deps || return 1 return 0 } install_red_hat_linux_testing() { + install_centos_testing || return 1 return 0 } install_red_hat_linux_testing_post() { + install_centos_testing_post || return 1 return 0 } install_red_hat_enterprise_testing_deps() { + install_centos_testing_deps || return 1 return 0 } install_red_hat_enterprise_testing() { + install_centos_testing || return 1 return 0 } install_red_hat_enterprise_testing_post() { + install_centos_testing_post || return 1 return 0 } install_red_hat_enterprise_server_testing_deps() { + install_centos_testing_deps || return 1 return 0 } install_red_hat_enterprise_server_testing() { + install_centos_testing || return 1 return 0 } install_red_hat_enterprise_server_testing_post() { + install_centos_testing_post || return 1 return 0 } install_red_hat_enterprise_workstation_testing_deps() { + install_centos_testing_deps || return 1 return 0 } install_red_hat_enterprise_workstation_testing() { + install_centos_testing || return 1 return 0 } install_red_hat_enterprise_workstation_testing_post() { + install_centos_testing_post || return 1 return 0 } @@ -5580,11 +4907,13 @@ install_red_hat_enterprise_workstation_testing_post() { # Oracle Linux Install Functions # install_oracle_linux_stable_deps() { + # Install Oracle's EPEL. - if [ ${_EPEL_REPOS_INSTALLED} -eq $BS_FALSE ]; then + if [ "${_EPEL_REPOS_INSTALLED}" -eq $BS_FALSE ]; then _EPEL_REPO=oracle-epel-release-el${DISTRO_MAJOR_VERSION} if ! rpm -q "${_EPEL_REPO}" > /dev/null; then - __yum_install_noinput "${_EPEL_REPO}" + # shellcheck disable=SC2086 + __yum_install_noinput ${_EPEL_REPO} fi _EPEL_REPOS_INSTALLED=$BS_TRUE fi @@ -5969,6 +5298,7 @@ install_cloud_linux_check_services() { # Alpine Linux Install Functions # install_alpine_linux_stable_deps() { + _PIP_INSTALL_ARGS="" if ! grep -q '^[^#].\+alpine/.\+/community' /etc/apk/repositories; then # Add community repository entry based on the "main" repo URL __REPO=$(grep '^[^#].\+alpine/.\+/main\>' /etc/apk/repositories) @@ -5987,6 +5317,7 @@ install_alpine_linux_stable_deps() { } install_alpine_linux_git_deps() { + _PIP_INSTALL_ARGS="" install_alpine_linux_stable_deps || return 1 if ! __check_command_exists git; then @@ -5995,33 +5326,14 @@ install_alpine_linux_git_deps() { __git_clone_and_checkout || return 1 - if [ "${_POST_NEON_INSTALL}" -eq $BS_FALSE ]; then - apk -U add python2 py-virtualenv py2-crypto py2-m2crypto py2-setuptools \ - py2-jinja2 py2-yaml py2-markupsafe py2-msgpack py2-psutil \ - py2-zmq zeromq py2-requests || return 1 - - if [ -f "${_SALT_GIT_CHECKOUT_DIR}/requirements/base.txt" ]; then - # We're on the master branch, install whichever tornado is on the requirements file - __REQUIRED_TORNADO="$(grep tornado "${_SALT_GIT_CHECKOUT_DIR}/requirements/base.txt")" - if [ "${__REQUIRED_TORNADO}" != "" ]; then - apk -U add py2-tornado || return 1 - fi - fi - else - apk -U add python3 python3-dev py3-pip py3-setuptools g++ linux-headers zeromq-dev openrc || return 1 - _PY_EXE=python3 - return 0 - fi - - # Let's trigger config_salt() - if [ "$_TEMP_CONFIG_DIR" = "null" ]; then - _TEMP_CONFIG_DIR="${_SALT_GIT_CHECKOUT_DIR}/conf/" - CONFIG_SALT_FUNC="config_salt" - fi + apk -U add python3 python3-dev py3-pip py3-setuptools g++ linux-headers zeromq-dev openrc || return 1 + _PY_EXE=python3 + return 0 } install_alpine_linux_stable() { __PACKAGES="salt" + _PIP_INSTALL_ARGS="" if [ "$_INSTALL_CLOUD" -eq $BS_TRUE ];then __PACKAGES="${__PACKAGES} salt-cloud" @@ -6036,26 +5348,23 @@ install_alpine_linux_stable() { __PACKAGES="${__PACKAGES} salt-syndic" fi + if [ "$_INSTALL_SALT_API" -eq $BS_TRUE ]; then + __PACKAGES="${__PACKAGES} salt-api" + fi + # shellcheck disable=SC2086 - apk -U add ${__PACKAGES} || return 1 + apk -U add "${__PACKAGES}" || return 1 return 0 } install_alpine_linux_git() { - - if [ "${_POST_NEON_INSTALL}" -eq $BS_TRUE ]; then - __install_salt_from_repo_post_neon "${_PY_EXE}" || return 1 - return 0 - fi - - if [ -f "${_SALT_GIT_CHECKOUT_DIR}/salt/syspaths.py" ]; then - python2 setup.py --salt-config-dir="$_SALT_ETC_DIR" --salt-cache-dir="${_SALT_CACHE_DIR}" ${SETUP_PY_INSTALL_ARGS} install || return 1 - else - python2 setup.py ${SETUP_PY_INSTALL_ARGS} install || return 1 - fi + _PIP_INSTALL_ARGS="" + __install_salt_from_repo "${_PY_EXE}" || return 1 + return 0 } install_alpine_linux_post() { + _PIP_INSTALL_ARGS="" for fname in api master minion syndic; do # Skip if not meant to be installed [ $fname = "api" ] && \ @@ -6085,6 +5394,7 @@ install_alpine_linux_post() { } install_alpine_linux_restart_daemons() { + _PIP_INSTALL_ARGS="" [ "${_START_DAEMONS}" -eq $BS_FALSE ] && return for fname in api master minion syndic; do @@ -6103,6 +5413,7 @@ install_alpine_linux_restart_daemons() { } install_alpine_linux_check_services() { + _PIP_INSTALL_ARGS="" for fname in api master minion syndic; do # Skip salt-api since the service should be opt-in and not necessarily started on boot [ $fname = "api" ] && continue @@ -6119,6 +5430,7 @@ install_alpine_linux_check_services() { } daemons_running_alpine_linux() { + _PIP_INSTALL_ARGS="" [ "${_START_DAEMONS}" -eq $BS_FALSE ] && return FAILED_DAEMONS=0 @@ -6152,167 +5464,21 @@ daemons_running_alpine_linux() { # Amazon Linux AMI Install Functions # -install_amazon_linux_ami_deps() { - # Shim to figure out if we're using old (rhel) or new (aws) rpms. - _USEAWS=$BS_FALSE - pkg_append="python" - - if [ "$ITYPE" = "stable" ]; then - repo_rev="$STABLE_REV" - else - repo_rev="latest" - fi - - if echo $repo_rev | grep -E -q '^archive'; then - year=$(echo "$repo_rev" | cut -d '/' -f 2 | cut -c1-4) - else - year=$(echo "$repo_rev" | cut -c1-4) - fi - - if echo "$repo_rev" | grep -E -q '^(latest|2016\.11)$' || \ - [ "$year" -gt 2016 ]; then - _USEAWS=$BS_TRUE - pkg_append="python27" - fi - - # We need to install yum-utils before doing anything else when installing on - # Amazon Linux ECS-optimized images. See issue #974. - __yum_install_noinput yum-utils - - # Do upgrade early - if [ "$_UPGRADE_SYS" -eq $BS_TRUE ]; then - yum -y update || return 1 - fi - - if [ $_DISABLE_REPOS -eq $BS_FALSE ] || [ "$_CUSTOM_REPO_URL" != "null" ]; then - __REPO_FILENAME="salt.repo" - - # Set a few vars to make life easier. - if [ $_USEAWS -eq $BS_TRUE ]; then - base_url="$HTTP_VAL://${_REPO_URL}/yum/amazon/latest/\$basearch/$repo_rev/" - gpg_key="${base_url}SALTSTACK-GPG-KEY.pub" - repo_name="SaltStack repo for Amazon Linux" - else - base_url="$HTTP_VAL://${_REPO_URL}/yum/redhat/6/\$basearch/$repo_rev/" - gpg_key="${base_url}SALTSTACK-GPG-KEY.pub" - repo_name="SaltStack repo for RHEL/CentOS 6" - fi - - # This should prob be refactored to use __install_saltstack_rhel_repository() - # With args passed in to do the right thing. Reformatted to be more like the - # amazon linux yum file. - if [ ! -s "/etc/yum.repos.d/${__REPO_FILENAME}" ]; then - cat <<_eof > "/etc/yum.repos.d/${__REPO_FILENAME}" -[saltstack-repo] -name=$repo_name -failovermethod=priority -priority=10 -gpgcheck=1 -gpgkey=$gpg_key -baseurl=$base_url -_eof - fi - - fi - - if [ "${_POST_NEON_INSTALL}" -eq $BS_FALSE ]; then - # Package python-ordereddict-1.1-2.el6.noarch is obsoleted by python26-2.6.9-2.88.amzn1.x86_64 - # which is already installed - __PACKAGES="m2crypto ${pkg_append}-crypto ${pkg_append}-jinja2 ${pkg_append}-PyYAML" - __PACKAGES="${__PACKAGES} ${pkg_append}-msgpack ${pkg_append}-requests ${pkg_append}-zmq" - __PACKAGES="${__PACKAGES} ${pkg_append}-futures" - # shellcheck disable=SC2086 - __yum_install_noinput ${__PACKAGES} || return 1 - fi - - if [ "${_EXTRA_PACKAGES}" != "" ]; then - echoinfo "Installing the following extra packages as requested: ${_EXTRA_PACKAGES}" - # shellcheck disable=SC2086 - __yum_install_noinput ${_EXTRA_PACKAGES} || return 1 - fi -} - -install_amazon_linux_ami_git_deps() { - if [ "$_INSECURE_DL" -eq $BS_FALSE ] && [ "${_SALT_REPO_URL%%://*}" = "https" ]; then - yum -y install ca-certificates || return 1 - fi - - PIP_EXE='pip' - if __check_command_exists python2.7; then - if ! __check_command_exists pip2.7; then - if ! __check_command_exists easy_install-2.7; then - __yum_install_noinput python27-setuptools - fi - /usr/bin/easy_install-2.7 pip || return 1 - fi - PIP_EXE='/usr/local/bin/pip2.7' - _PY_EXE='python2.7' - fi - - install_amazon_linux_ami_deps || return 1 - - if ! __check_command_exists git; then - __yum_install_noinput git || return 1 - fi - - __git_clone_and_checkout || return 1 - - if [ "${_POST_NEON_INSTALL}" -eq $BS_FALSE ]; then - __PACKAGES="" - __PIP_PACKAGES="" - - if [ "$_INSTALL_CLOUD" -eq $BS_TRUE ]; then - __check_pip_allowed "You need to allow pip based installations (-P) in order to install apache-libcloud" - __PACKAGES="${__PACKAGES} python27-pip" - __PIP_PACKAGES="${__PIP_PACKAGES} apache-libcloud>=$_LIBCLOUD_MIN_VERSION" - fi - - if [ -f "${_SALT_GIT_CHECKOUT_DIR}/requirements/base.txt" ]; then - # We're on the master branch, install whichever tornado is on the requirements file - __REQUIRED_TORNADO="$(grep tornado "${_SALT_GIT_CHECKOUT_DIR}/requirements/base.txt")" - if [ "${__REQUIRED_TORNADO}" != "" ]; then - __PACKAGES="${__PACKAGES} ${pkg_append}-tornado" - fi - fi - - if [ "${__PACKAGES}" != "" ]; then - # shellcheck disable=SC2086 - __yum_install_noinput ${__PACKAGES} || return 1 - fi - - if [ "${__PIP_PACKAGES}" != "" ]; then - # shellcheck disable=SC2086 - ${PIP_EXE} install ${__PIP_PACKAGES} || return 1 - fi - else - __PACKAGES="python27-pip python27-setuptools python27-devel gcc" - # shellcheck disable=SC2086 - __yum_install_noinput ${__PACKAGES} || return 1 - fi - - # Let's trigger config_salt() - if [ "$_TEMP_CONFIG_DIR" = "null" ]; then - _TEMP_CONFIG_DIR="${_SALT_GIT_CHECKOUT_DIR}/conf/" - CONFIG_SALT_FUNC="config_salt" - fi - - return 0 -} - +# Support for Amazon Linux 2 install_amazon_linux_ami_2_git_deps() { if [ "$_INSECURE_DL" -eq $BS_FALSE ] && [ "${_SALT_REPO_URL%%://*}" = "https" ]; then yum -y install ca-certificates || return 1 fi + if [ "$_PY_MAJOR_VERSION" -eq 2 ]; then + echoerror "Python 2 is no longer supported, only Python 3" + return 1 + fi + install_amazon_linux_ami_2_deps || return 1 - if [ "$_PY_MAJOR_VERSION" -eq 2 ]; then - PY_PKG_VER=2 - PIP_EXE='/bin/pip' - else - PY_PKG_VER=3 - PIP_EXE='/bin/pip3' - fi + PY_PKG_VER=3 + PIP_EXE='/bin/pip3' __PACKAGES="python${PY_PKG_VER}-pip" if ! __check_command_exists "${PIP_EXE}"; then @@ -6326,61 +5492,14 @@ install_amazon_linux_ami_2_git_deps() { __git_clone_and_checkout || return 1 - if [ "${_POST_NEON_INSTALL}" -eq $BS_FALSE ]; then + __PACKAGES="python${PY_PKG_VER}-pip python${PY_PKG_VER}-setuptools python${PY_PKG_VER}-devel gcc" - __PACKAGES="" - __PIP_PACKAGES="" - - if [ "$_INSTALL_CLOUD" -eq "$BS_TRUE" ]; then - __check_pip_allowed "You need to allow pip based installations (-P) in order to install apache-libcloud" - if [ "$PARSED_VERSION" -eq "2" ]; then - if [ -n "$_PY_EXE" ] && [ "$_PY_MAJOR_VERSION" -eq "3" ]; then - __PACKAGES="${__PACKAGES} python3-pip" - __PIP_PACKAGES="${__PIP_PACKAGES} tornado<$_TORNADO_MAX_PY3_VERSION" - else - __PACKAGES="${__PACKAGES} python2-pip" - fi - else - __PACKAGES="${__PACKAGES} python27-pip" - fi - __PIP_PACKAGES="${__PIP_PACKAGES} apache-libcloud>=$_LIBCLOUD_MIN_VERSION" - fi - - if [ -f "${_SALT_GIT_CHECKOUT_DIR}/requirements/base.txt" ]; then - # We're on the master branch, install whichever tornado is on the requirements file - __REQUIRED_TORNADO="$(grep tornado "${_SALT_GIT_CHECKOUT_DIR}/requirements/base.txt")" - if [ "${__REQUIRED_TORNADO}" != "" ]; then - if [ -n "$_PY_EXE" ] && [ "$_PY_MAJOR_VERSION" -eq "3" ]; then - __PIP_PACKAGES="${__PIP_PACKAGES} tornado<$_TORNADO_MAX_PY3_VERSION" - else - __PACKAGES="${__PACKAGES} ${pkg_append}${PY_PKG_VER}-tornado" - fi - fi - fi - - if [ "${__PIP_PACKAGES}" != "" ]; then - __check_pip_allowed "You need to allow pip based installations (-P) in order to install ${__PIP_PACKAGES}" - __PACKAGES="${__PACKAGES} python${PY_PKG_VER}-pip" - fi - - if [ "${__PACKAGES}" != "" ]; then - # shellcheck disable=SC2086 - __yum_install_noinput ${__PACKAGES} || return 1 - fi - - if [ "${__PIP_PACKAGES}" != "" ]; then - # shellcheck disable=SC2086 - ${PIP_EXE} install ${__PIP_PACKAGES} || return 1 - fi - else - __PACKAGES="python${PY_PKG_VER}-pip python${PY_PKG_VER}-setuptools python${PY_PKG_VER}-devel gcc" - # shellcheck disable=SC2086 - __yum_install_noinput ${__PACKAGES} || return 1 - fi + # shellcheck disable=SC2086 + __yum_install_noinput ${__PACKAGES} || return 1 # Let's trigger config_salt() if [ "$_TEMP_CONFIG_DIR" = "null" ]; then - _TEMP_CONFIG_DIR="${_SALT_GIT_CHECKOUT_DIR}/conf/" + _TEMP_CONFIG_DIR="${_SALT_GIT_CHECKOUT_DIR}/conf" CONFIG_SALT_FUNC="config_salt" fi @@ -6388,26 +5507,9 @@ install_amazon_linux_ami_2_git_deps() { } install_amazon_linux_ami_2_deps() { - # Shim to figure out if we're using old (rhel) or new (aws) rpms. - _USEAWS=$BS_FALSE - pkg_append="python" - - if [ "$ITYPE" = "stable" ]; then - repo_rev="$STABLE_REV" - else - repo_rev="latest" - fi - - if echo $repo_rev | grep -E -q '^archive'; then - year=$(echo "$repo_rev" | cut -d '/' -f 2 | cut -c1-4) - else - year=$(echo "$repo_rev" | cut -c1-4) - fi - - if echo "$repo_rev" | grep -E -q '^(latest|2016\.11)$' || \ - [ "$year" -gt 2016 ]; then - _USEAWS=$BS_TRUE - pkg_append="python" + if [ -n "$_PY_EXE" ] && [ "$_PY_MAJOR_VERSION" -ne 3 ]; then + echoerror "Python version is no longer supported, only Python 3" + return 1 fi # We need to install yum-utils before doing anything else when installing on @@ -6420,56 +5522,24 @@ install_amazon_linux_ami_2_deps() { fi if [ $_DISABLE_REPOS -eq $BS_FALSE ] || [ "$_CUSTOM_REPO_URL" != "null" ]; then - __REPO_FILENAME="salt.repo" - __PY_VERSION_REPO="yum" - PY_PKG_VER="" - repo_label="saltstack-repo" - repo_name="SaltStack repo for Amazon Linux 2" - if [ -n "$_PY_EXE" ] && [ "$_PY_MAJOR_VERSION" -eq 3 ]; then - __REPO_FILENAME="salt.repo" - __PY_VERSION_REPO="py3" - PY_PKG_VER=3 - repo_label="saltstack-py3-repo" - repo_name="SaltStack Python 3 repo for Amazon Linux 2" + if [ ! -s "${YUM_REPO_FILE}" ]; then + FETCH_URL="https://github.com/saltstack/salt-install-guide/releases/latest/download/salt.repo" + __fetch_url "${YUM_REPO_FILE}" "${FETCH_URL}" + if [ "$STABLE_REV" != "latest" ]; then + # 3006.x is default + REPO_REV_MAJOR=$(echo "$STABLE_REV" | cut -d '.' -f 1) + if [ "$REPO_REV_MAJOR" -eq "3007" ]; then + # Enable the Salt 3007 STS repo + dnf config-manager --set-disable salt-repo-* + dnf config-manager --set-enabled salt-repo-3007-sts + fi + else + # Enable the Salt LATEST repo + dnf config-manager --set-disable salt-repo-* + dnf config-manager --set-enabled salt-repo-latest + fi + dnf clean expire-cache || return 1 fi - - base_url="$HTTP_VAL://${_REPO_URL}/${__PY_VERSION_REPO}/amazon/2/\$basearch/$repo_rev/" - gpg_key="${base_url}SALTSTACK-GPG-KEY.pub,${base_url}base/RPM-GPG-KEY-CentOS-7" - if [ -n "$_PY_EXE" ] && [ "$_PY_MAJOR_VERSION" -eq 3 ]; then - gpg_key="${base_url}SALTSTACK-GPG-KEY.pub" - fi - - # This should prob be refactored to use __install_saltstack_rhel_repository() - # With args passed in to do the right thing. Reformatted to be more like the - # amazon linux yum file. - if [ ! -s "/etc/yum.repos.d/${__REPO_FILENAME}" ]; then - cat <<_eof > "/etc/yum.repos.d/${__REPO_FILENAME}" -[$repo_label] -name=$repo_name -failovermethod=priority -priority=10 -gpgcheck=1 -gpgkey=$gpg_key -baseurl=$base_url -_eof - fi - - fi - - if [ "${_POST_NEON_INSTALL}" -eq $BS_FALSE ]; then - # Package python-ordereddict-1.1-2.el6.noarch is obsoleted by python26-2.6.9-2.88.amzn1.x86_64 - # which is already installed - if [ -n "${PY_PKG_VER}" ] && [ "${PY_PKG_VER}" -eq 3 ]; then - __PACKAGES="${pkg_append}${PY_PKG_VER}-m2crypto ${pkg_append}${PY_PKG_VER}-pyyaml" - else - __PACKAGES="m2crypto PyYAML ${pkg_append}-futures" - fi - - __PACKAGES="${__PACKAGES} ${pkg_append}${PY_PKG_VER}-crypto ${pkg_append}${PY_PKG_VER}-jinja2 procps-ng" - __PACKAGES="${__PACKAGES} ${pkg_append}${PY_PKG_VER}-msgpack ${pkg_append}${PY_PKG_VER}-requests ${pkg_append}${PY_PKG_VER}-zmq" - - # shellcheck disable=SC2086 - __yum_install_noinput ${__PACKAGES} || return 1 fi if [ "${_EXTRA_PACKAGES}" != "" ]; then @@ -6480,20 +5550,9 @@ _eof } install_amazon_linux_ami_2_onedir_deps() { - # Shim to figure out if we're using old (rhel) or new (aws) rpms. - _USEAWS=$BS_FALSE - pkg_append="python" - - if [ "$ITYPE" = "onedir" ]; then - repo_rev="$ONEDIR_REV" - else - repo_rev="latest" - fi - - if echo $repo_rev | grep -E -q '^archive'; then - year=$(echo "$repo_rev" | cut -d '/' -f 2 | cut -c1-4) - else - year=$(echo "$repo_rev" | cut -c1-4) + if [ -n "$_PY_EXE" ] && [ "$_PY_MAJOR_VERSION" -ne 3 ]; then + echoerror "Python version is no longer supported, only Python 3" + return 1 fi # We need to install yum-utils before doing anything else when installing on @@ -6506,64 +5565,24 @@ install_amazon_linux_ami_2_onedir_deps() { fi if [ $_DISABLE_REPOS -eq $BS_FALSE ] || [ "$_CUSTOM_REPO_URL" != "null" ]; then - __REPO_FILENAME="salt.repo" - __PY_VERSION_REPO="yum" - PY_PKG_VER="" - repo_label="saltstack-repo" - repo_name="SaltStack repo for Amazon Linux 2" - if [ -n "$_PY_EXE" ] && [ "$_PY_MAJOR_VERSION" -eq 3 ]; then - __REPO_FILENAME="salt.repo" - __PY_VERSION_REPO="py3" - PY_PKG_VER=3 - repo_label="saltstack-py3-repo" - repo_name="SaltStack Python 3 repo for Amazon Linux 2" + if [ ! -s "${YUM_REPO_FILE}" ]; then + FETCH_URL="https://github.com/saltstack/salt-install-guide/releases/latest/download/salt.repo" + __fetch_url "${YUM_REPO_FILE}" "${FETCH_URL}" + if [ "$ONEDIR_REV" != "latest" ]; then + # 3006.x is default + REPO_REV_MAJOR=$(echo "$ONEDIR_REV" | cut -d '.' -f 1) + if [ "$REPO_REV_MAJOR" -eq "3007" ]; then + # Enable the Salt 3007 STS repo + dnf config-manager --set-disable salt-repo-* + dnf config-manager --set-enabled salt-repo-3007-sts + fi + else + # Enable the Salt LATEST repo + dnf config-manager --set-disable salt-repo-* + dnf config-manager --set-enabled salt-repo-latest + fi + dnf clean expire-cache || return 1 fi - - base_url="$HTTP_VAL://${_REPO_URL}/${_ONEDIR_DIR}/${__PY_VERSION_REPO}/amazon/2/\$basearch/$repo_rev/" - if [ "${ONEDIR_REV}" = "nightly" ] ; then - base_url="$HTTP_VAL://${_REPO_URL}/${_ONEDIR_NIGHTLY_DIR}/${__PY_VERSION_REPO}/amazon/2/\$basearch/" - fi - - if [ "$(echo "${ONEDIR_REV}" | grep -E '(3004|3005)')" != "" ] || [ "${ONEDIR_REV}" = "nightly" ]; then - gpg_key="${base_url}SALTSTACK-GPG-KEY.pub,${base_url}base/RPM-GPG-KEY-CentOS-7" - if [ -n "$_PY_EXE" ] && [ "$_PY_MAJOR_VERSION" -eq 3 ]; then - gpg_key="${base_url}SALTSTACK-GPG-KEY.pub" - fi - else - gpg_key="${base_url}SALT-PROJECT-GPG-PUBKEY-2023.pub" - fi - - # This should prob be refactored to use __install_saltstack_rhel_repository() - # With args passed in to do the right thing. Reformatted to be more like the - # amazon linux yum file. - if [ ! -s "/etc/yum.repos.d/${__REPO_FILENAME}" ]; then - cat <<_eof > "/etc/yum.repos.d/${__REPO_FILENAME}" -[$repo_label] -name=$repo_name -failovermethod=priority -priority=10 -gpgcheck=1 -gpgkey=$gpg_key -baseurl=$base_url -_eof - fi - - fi - - if [ "${_POST_NEON_INSTALL}" -eq $BS_FALSE ]; then - # Package python-ordereddict-1.1-2.el6.noarch is obsoleted by python26-2.6.9-2.88.amzn1.x86_64 - # which is already installed - if [ -n "${PY_PKG_VER}" ] && [ "${PY_PKG_VER}" -eq 3 ]; then - __PACKAGES="${pkg_append}${PY_PKG_VER}-m2crypto ${pkg_append}${PY_PKG_VER}-pyyaml" - else - __PACKAGES="m2crypto PyYAML ${pkg_append}-futures" - fi - - __PACKAGES="${__PACKAGES} ${pkg_append}${PY_PKG_VER}-crypto ${pkg_append}${PY_PKG_VER}-jinja2 procps-ng" - __PACKAGES="${__PACKAGES} ${pkg_append}${PY_PKG_VER}-msgpack ${pkg_append}${PY_PKG_VER}-requests ${pkg_append}${PY_PKG_VER}-zmq" - - # shellcheck disable=SC2086 - __yum_install_noinput ${__PACKAGES} || return 1 fi if [ "${_EXTRA_PACKAGES}" != "" ]; then @@ -6573,41 +5592,6 @@ _eof fi } -install_amazon_linux_ami_stable() { - install_centos_stable || return 1 - return 0 -} - -install_amazon_linux_ami_stable_post() { - install_centos_stable_post || return 1 - return 0 -} - -install_amazon_linux_ami_restart_daemons() { - install_centos_restart_daemons || return 1 - return 0 -} - -install_amazon_linux_ami_git() { - install_centos_git || return 1 - return 0 -} - -install_amazon_linux_ami_git_post() { - install_centos_git_post || return 1 - return 0 -} - -install_amazon_linux_ami_testing() { - install_centos_testing || return 1 - return 0 -} - -install_amazon_linux_ami_testing_post() { - install_centos_testing_post || return 1 - return 0 -} - install_amazon_linux_ami_2_stable() { install_centos_stable || return 1 return 0 @@ -6658,6 +5642,133 @@ install_amazon_linux_ami_2_onedir_post() { return 0 } +# Support for Amazon Linux 2023 +# the following code needs adjustment to allow for 2023, 2024, 2025, etc - 2023 for now +install_amazon_linux_ami_2023_git_deps() { + if [ "$_INSECURE_DL" -eq $BS_FALSE ] && [ "${_SALT_REPO_URL%%://*}" = "https" ]; then + yum -y install ca-certificates || return 1 + fi + + install_amazon_linux_ami_2023_onedir_deps || return 1 + + PY_PKG_VER=3 + PIP_EXE='/bin/pip3' + __PACKAGES="python${PY_PKG_VER}-pip" + + if ! __check_command_exists "${PIP_EXE}"; then + # shellcheck disable=SC2086 + __yum_install_noinput ${__PACKAGES} || return 1 + fi + + if ! __check_command_exists git; then + __yum_install_noinput git || return 1 + fi + + __git_clone_and_checkout || return 1 + + __PACKAGES="python${PY_PKG_VER}-pip python${PY_PKG_VER}-setuptools python${PY_PKG_VER}-devel gcc" + + # shellcheck disable=SC2086 + __yum_install_noinput ${__PACKAGES} || return 1 + + # Let's trigger config_salt() + if [ "$_TEMP_CONFIG_DIR" = "null" ]; then + _TEMP_CONFIG_DIR="${_SALT_GIT_CHECKOUT_DIR}/conf" + CONFIG_SALT_FUNC="config_salt" + fi + + return 0 +} + +install_amazon_linux_ami_2023_onedir_deps() { + + # We need to install yum-utils before doing anything else when installing on + # Amazon Linux ECS-optimized images. See issue #974. + __yum_install_noinput yum-utils + + # Do upgrade early + if [ "$_UPGRADE_SYS" -eq $BS_TRUE ]; then + yum -y update || return 1 + fi + + if [ $_DISABLE_REPOS -eq $BS_FALSE ] || [ "$_CUSTOM_REPO_URL" != "null" ]; then + if [ ! -s "${YUM_REPO_FILE}" ]; then + FETCH_URL="https://github.com/saltstack/salt-install-guide/releases/latest/download/salt.repo" + __fetch_url "${YUM_REPO_FILE}" "${FETCH_URL}" + if [ "$ONEDIR_REV" != "latest" ]; then + # 3006.x is default + REPO_REV_MAJOR=$(echo "$ONEDIR_REV" | cut -d '.' -f 1) + if [ "$REPO_REV_MAJOR" -eq "3007" ]; then + # Enable the Salt 3007 STS repo + dnf config-manager --set-disable salt-repo-* + dnf config-manager --set-enabled salt-repo-3007-sts + fi + else + # Enable the Salt LATEST repo + dnf config-manager --set-disable salt-repo-* + dnf config-manager --set-enabled salt-repo-latest + fi + dnf clean expire-cache || return 1 + fi + fi + + if [ "${_EXTRA_PACKAGES}" != "" ]; then + echoinfo "Installing the following extra packages as requested: ${_EXTRA_PACKAGES}" + # shellcheck disable=SC2086 + __yum_install_noinput ${_EXTRA_PACKAGES} || return 1 + fi +} + +install_amazon_linux_ami_2023_stable() { + install_centos_stable || return 1 + return 0 +} + +install_amazon_linux_ami_2023_stable_post() { + install_centos_stable_post || return 1 + return 0 +} + +install_amazon_linux_ami_2023_restart_daemons() { + install_centos_restart_daemons || return 1 + return 0 +} + +install_amazon_linux_ami_2023_git() { + install_centos_git || return 1 + return 0 +} + +install_amazon_linux_ami_2023_git_post() { + install_centos_git_post || return 1 + return 0 +} + +install_amazon_linux_ami_2023_testing() { + install_centos_testing || return 1 + return 0 +} + +install_amazon_linux_ami_2023_testing_post() { + install_centos_testing_post || return 1 + return 0 +} + +install_amazon_linux_ami_2023_check_services() { + install_centos_check_services || return 1 + return 0 +} + +install_amazon_linux_ami_2023_onedir() { + install_centos_stable || return 1 + return 0 +} + +install_amazon_linux_ami_2023_onedir_post() { + install_centos_stable_post || return 1 + return 0 +} + # # Ended Amazon Linux AMI Install Functions # @@ -6685,7 +5796,8 @@ install_arch_linux_stable_deps() { fi if [ -n "$_PY_EXE" ] && [ "$_PY_MAJOR_VERSION" -eq 2 ]; then - PY_PKG_VER=2 + echoerror "Python 2 is no longer supported, only Python 3" + return 1 else PY_PKG_VER="" fi @@ -6693,6 +5805,7 @@ install_arch_linux_stable_deps() { # YAML module is used for generating custom master/minion configs # shellcheck disable=SC2086 pacman -Su --noconfirm --needed python${PY_PKG_VER}-yaml + pacman -Su --noconfirm --needed python${PY_PKG_VER}-tornado if [ "$_INSTALL_CLOUD" -eq $BS_TRUE ]; then # shellcheck disable=SC2086 @@ -6716,33 +5829,21 @@ install_arch_linux_git_deps() { __git_clone_and_checkout || return 1 - if [ "${_POST_NEON_INSTALL}" -eq $BS_FALSE ]; then - pacman -R --noconfirm python2-distribute - pacman -Su --noconfirm --needed python2-crypto python2-setuptools python2-jinja \ - python2-m2crypto python2-markupsafe python2-msgpack python2-psutil \ - python2-pyzmq zeromq python2-requests python2-systemd || return 1 - - if [ -f "${_SALT_GIT_CHECKOUT_DIR}/requirements/base.txt" ]; then - # We're on the master branch, install whichever tornado is on the requirements file - __REQUIRED_TORNADO="$(grep tornado "${_SALT_GIT_CHECKOUT_DIR}/requirements/base.txt")" - if [ "${__REQUIRED_TORNADO}" != "" ]; then - pacman -Su --noconfirm --needed python2-tornado - fi - fi + if [ -n "$_PY_EXE" ] && [ "$_PY_MAJOR_VERSION" -eq 2 ]; then + echoerror "Python 2 is no longer supported, only Python 3" + return 1 else - if [ -n "$_PY_EXE" ] && [ "$_PY_MAJOR_VERSION" -eq 2 ]; then - PY_PKG_VER=2 - else - PY_PKG_VER="" - fi - __PACKAGES="python${PY_PKG_VER}-pip python${PY_PKG_VER}-setuptools gcc" - # shellcheck disable=SC2086 - pacman -Su --noconfirm --needed ${__PACKAGES} + PY_PKG_VER="" fi + __PACKAGES="python${PY_PKG_VER}-pip python${PY_PKG_VER}-setuptools gcc" + + # shellcheck disable=SC2086 + pacman -Su --noconfirm --needed ${__PACKAGES} + # Let's trigger config_salt() if [ "$_TEMP_CONFIG_DIR" = "null" ]; then - _TEMP_CONFIG_DIR="${_SALT_GIT_CHECKOUT_DIR}/conf/" + _TEMP_CONFIG_DIR="${_SALT_GIT_CHECKOUT_DIR}/conf" CONFIG_SALT_FUNC="config_salt" fi @@ -6770,19 +5871,16 @@ install_arch_linux_stable() { } install_arch_linux_git() { + if [ -n "$_PY_EXE" ] && [ "$_PY_MAJOR_VERSION" -eq 2 ]; then + echoerror "Python 2 is no longer supported, only Python 3" + return 1 + fi - _POST_NEON_PIP_INSTALL_ARGS="${_POST_NEON_PIP_INSTALL_ARGS} --use-pep517" + _PIP_INSTALL_ARGS="${_PIP_INSTALL_ARGS} --use-pep517" _PIP_DOWNLOAD_ARGS="${_PIP_DOWNLOAD_ARGS} --use-pep517" - if [ "${_POST_NEON_INSTALL}" -eq $BS_TRUE ]; then - __install_salt_from_repo_post_neon "${_PY_EXE}" || return 1 - return 0 - fi - if [ -f "${_SALT_GIT_CHECKOUT_DIR}/salt/syspaths.py" ]; then - python2 setup.py --salt-config-dir="$_SALT_ETC_DIR" --salt-cache-dir="${_SALT_CACHE_DIR}" ${SETUP_PY_INSTALL_ARGS} install || return 1 - else - python2 setup.py ${SETUP_PY_INSTALL_ARGS} install || return 1 - fi + __install_salt_from_repo "${_PY_EXE}" || return 1 + return 0 } @@ -6806,7 +5904,7 @@ install_arch_linux_post() { # Skip salt-api since the service should be opt-in and not necessarily started on boot [ $fname = "api" ] && continue - if [ -f /usr/bin/systemctl ]; then + if [ "$_SYSTEMD_FUNCTIONAL" -eq $BS_TRUE ]; then # Using systemd /usr/bin/systemctl is-enabled salt-$fname.service > /dev/null 2>&1 || ( /usr/bin/systemctl preset salt-$fname.service > /dev/null 2>&1 && @@ -6837,7 +5935,7 @@ install_arch_linux_git_post() { _SERVICE_DIR="${_SALT_GIT_CHECKOUT_DIR}/pkg/rpm" fi - if [ -f /usr/bin/systemctl ]; then + if [ "$_SYSTEMD_FUNCTIONAL" -eq $BS_TRUE ]; then __copyfile "${_SERVICE_DIR}/salt-${fname}.service" "/lib/systemd/system/salt-${fname}.service" # Skip salt-api since the service should be opt-in and not necessarily started on boot @@ -6859,7 +5957,7 @@ install_arch_linux_git_post() { } install_arch_linux_restart_daemons() { - [ $_START_DAEMONS -eq $BS_FALSE ] && return + [ "$_START_DAEMONS" -eq $BS_FALSE ] && return for fname in api master minion syndic; do # Skip salt-api since the service should be opt-in and not necessarily started on boot @@ -6870,7 +5968,7 @@ install_arch_linux_restart_daemons() { [ $fname = "minion" ] && [ "$_INSTALL_MINION" -eq $BS_FALSE ] && continue [ $fname = "syndic" ] && [ "$_INSTALL_SYNDIC" -eq $BS_FALSE ] && continue - if [ -f /usr/bin/systemctl ]; then + if [ "$_SYSTEMD_FUNCTIONAL" -eq $BS_TRUE ]; then /usr/bin/systemctl stop salt-$fname.service > /dev/null 2>&1 /usr/bin/systemctl start salt-$fname.service && continue echodebug "Failed to start salt-$fname using systemd" @@ -6886,7 +5984,7 @@ install_arch_linux_restart_daemons() { } install_arch_check_services() { - if [ ! -f /usr/bin/systemctl ]; then + if [ "$_SYSTEMD_FUNCTIONAL" -eq $BS_TRUE ]; then # Not running systemd!? Don't check! return 0 fi @@ -6928,57 +6026,91 @@ install_arch_linux_onedir_post() { # __install_saltstack_photon_onedir_repository() { - if [ "$ITYPE" = "stable" ]; then - REPO_REV="$ONEDIR_REV" - else - REPO_REV="latest" + echodebug "__install_saltstack_photon_onedir_repository() entry" + + if [ -n "$_PY_EXE" ] && [ "$_PY_MAJOR_VERSION" -ne 3 ]; then + echoerror "Python version is no longer supported, only Python 3" + return 1 fi - __PY_VERSION_REPO="yum" - if [ -n "$_PY_EXE" ] && [ "$_PY_MAJOR_VERSION" -eq 3 ]; then - __PY_VERSION_REPO="py3" - fi - - REPO_FILE="/etc/yum.repos.d/salt.repo" - - if [ ! -s "$REPO_FILE" ] || [ "$_FORCE_OVERWRITE" -eq $BS_TRUE ]; then - FETCH_URL="${HTTP_VAL}://${_REPO_URL}/${_ONEDIR_DIR}/${__PY_VERSION_REPO}/photon/${DISTRO_MAJOR_VERSION}/${CPU_ARCH_L}/${ONEDIR_REV}" - if [ "${ONEDIR_REV}" = "nightly" ] ; then - FETCH_URL="${HTTP_VAL}://${_REPO_URL}/${_ONEDIR_NIGHTLY_DIR}/${__PY_VERSION_REPO}/photon/${DISTRO_MAJOR_VERSION}/${CPU_ARCH_L}/" + if [ ! -s "$YUM_REPO_FILE" ] || [ "$_FORCE_OVERWRITE" -eq $BS_TRUE ]; then + ## Photon tdnf doesn't support config-manager + ## FETCH_URL="https://github.com/saltstack/salt-install-guide/releases/latest/download/salt.repo" + ## __fetch_url "${YUM_REPO_FILE}" "${FETCH_URL}" + # shellcheck disable=SC2129 + if [ "$ONEDIR_REV" != "latest" ]; then + # 3006.x is default + REPO_REV_MAJOR=$(echo "$ONEDIR_REV" | cut -d '.' -f 1) + if [ "$REPO_REV_MAJOR" -eq "3007" ]; then + # Enable the Salt 3007 STS repo + ## tdnf config-manager --set-disable salt-repo-* + ## tdnf config-manager --set-enabled salt-repo-3007-sts + echo "[salt-repo-3007-sts]" > "${YUM_REPO_FILE}" + echo "name=Salt Repo for Salt v3007 STS" >> "${YUM_REPO_FILE}" + echo "baseurl=https://packages.broadcom.com/artifactory/saltproject-rpm/" >> "${YUM_REPO_FILE}" + echo "skip_if_unavailable=True" >> "${YUM_REPO_FILE}" + echo "priority=10" >> "${YUM_REPO_FILE}" + echo "enabled=1" >> "${YUM_REPO_FILE}" + echo "enabled_metadata=1" >> "${YUM_REPO_FILE}" + echo "gpgcheck=1" >> "${YUM_REPO_FILE}" + echo "exclude=*3006* *3008* *3009* *3010*" >> "${YUM_REPO_FILE}" + echo "gpgkey=https://packages.broadcom.com/artifactory/api/security/keypair/SaltProjectKey/public" >> "${YUM_REPO_FILE}" + else + # Salt 3006 repo + echo "[salt-repo-3006-lts]" > "${YUM_REPO_FILE}" + echo "name=Salt Repo for Salt v3006 LTS" >> "${YUM_REPO_FILE}" + echo "baseurl=https://packages.broadcom.com/artifactory/saltproject-rpm/" >> "${YUM_REPO_FILE}" + echo "skip_if_unavailable=True" >> "${YUM_REPO_FILE}" + echo "priority=10" >> "${YUM_REPO_FILE}" + echo "enabled=1" >> "${YUM_REPO_FILE}" + echo "enabled_metadata=1" >> "${YUM_REPO_FILE}" + echo "gpgcheck=1" >> "${YUM_REPO_FILE}" + echo "exclude=*3007* *3008* *3009* *3010*" >> "${YUM_REPO_FILE}" + echo "gpgkey=https://packages.broadcom.com/artifactory/api/security/keypair/SaltProjectKey/public" >> "${YUM_REPO_FILE}" + fi + else + # Enable the Salt LATEST repo + ## tdnf config-manager --set-disable salt-repo-* + ## tdnf config-manager --set-enabled salt-repo-latest + echo "[salt-repo-latest]" > "${YUM_REPO_FILE}" + echo "name=Salt Repo for Salt LATEST release" >> "${YUM_REPO_FILE}" + echo "baseurl=https://packages.broadcom.com/artifactory/saltproject-rpm/" >> "${YUM_REPO_FILE}" + echo "skip_if_unavailable=True" >> "${YUM_REPO_FILE}" + echo "priority=10" >> "${YUM_REPO_FILE}" + echo "enabled=1" >> "${YUM_REPO_FILE}" + echo "enabled_metadata=1" >> "${YUM_REPO_FILE}" + echo "gpgcheck=1" >> "${YUM_REPO_FILE}" + echo "gpgkey=https://packages.broadcom.com/artifactory/api/security/keypair/SaltProjectKey/public" >> "${YUM_REPO_FILE}" fi - - __fetch_url "${REPO_FILE}" "${FETCH_URL}.repo" - - GPG_KEY="SALT-PROJECT-GPG-PUBKEY-2023.pub" - - __rpm_import_gpg "${FETCH_URL}/${GPG_KEY}" || return 1 - tdnf makecache || return 1 - elif [ "$REPO_REV" != "latest" ]; then + elif [ "$ONEDIR_REV" != "latest" ]; then echowarn "salt.repo already exists, ignoring salt version argument." - echowarn "Use -F (forced overwrite) to install $REPO_REV." + echowarn "Use -F (forced overwrite) to install $ONEDIR_REV." fi return 0 } install_photon_deps() { + echodebug "install_photon_deps() entry" + + if [ -n "$_PY_EXE" ] && [ "$_PY_MAJOR_VERSION" -ne 3 ]; then + echoerror "Python version is no longer supported, only Python 3" + return 1 + fi + if [ "$_UPGRADE_SYS" -eq $BS_TRUE ]; then tdnf -y update || return 1 fi __PACKAGES="${__PACKAGES:=}" - if [ -n "$_PY_EXE" ] && [ "$_PY_MAJOR_VERSION" -lt 3 ]; then - echoerror "There are no Python 2 stable packages for Fedora, only Py3 packages" - return 1 - fi - PY_PKG_VER=3 __PACKAGES="${__PACKAGES} libyaml procps-ng python${PY_PKG_VER}-crypto python${PY_PKG_VER}-jinja2" __PACKAGES="${__PACKAGES} python${PY_PKG_VER}-msgpack python${PY_PKG_VER}-requests python${PY_PKG_VER}-zmq" __PACKAGES="${__PACKAGES} python${PY_PKG_VER}-pip python${PY_PKG_VER}-m2crypto python${PY_PKG_VER}-pyyaml" __PACKAGES="${__PACKAGES} python${PY_PKG_VER}-systemd" + if [ "${_EXTRA_PACKAGES}" != "" ]; then echoinfo "Installing the following extra packages as requested: ${_EXTRA_PACKAGES}" fi @@ -6990,6 +6122,8 @@ install_photon_deps() { } install_photon_stable_post() { + echodebug "install_photon_stable_post() entry" + for fname in api master minion syndic; do # Skip salt-api since the service should be opt-in and not necessarily started on boot [ $fname = "api" ] && continue @@ -7006,17 +6140,21 @@ install_photon_stable_post() { } install_photon_git_deps() { - if [ -n "$_PY_EXE" ] && [ "$_PY_MAJOR_VERSION" -eq 3 ]; then - # Packages are named python3- - PY_PKG_VER=3 - else - PY_PKG_VER=2 + echodebug "install_photon_git_deps() entry" + + if [ -n "$_PY_EXE" ] && [ "$_PY_MAJOR_VERSION" -ne 3 ]; then + echoerror "Python version is no longer supported, only Python 3" + return 1 fi + # Packages are named python3- + PY_PKG_VER=3 + __PACKAGES="" if ! __check_command_exists ps; then __PACKAGES="${__PACKAGES} procps-ng" fi + if ! __check_command_exists git; then __PACKAGES="${__PACKAGES} git" fi @@ -7029,55 +6167,28 @@ install_photon_git_deps() { __git_clone_and_checkout || return 1 - if [ "${_POST_NEON_INSTALL}" -eq $BS_FALSE ]; then + __PACKAGES="python${PY_PKG_VER}-devel python${PY_PKG_VER}-pip python${PY_PKG_VER}-setuptools gcc glibc-devel linux-devel.x86_64 cython${PY_PKG_VER}" - if [ "$_INSECURE_DL" -eq $BS_FALSE ] && [ "${_SALT_REPO_URL%%://*}" = "https" ]; then - __PACKAGES="${__PACKAGES} ca-certificates" - fi - if [ "$_INSTALL_CLOUD" -eq $BS_TRUE ]; then - __PACKAGES="${__PACKAGES} python${PY_PKG_VER}-libcloud python${PY_PKG_VER}-netaddr" - fi + echodebug "install_photon_git_deps() distro major version, ${DISTRO_MAJOR_VERSION}" - install_photon_deps || return 1 - - if [ -n "$_PY_EXE" ] && [ "$_PY_MAJOR_VERSION" -eq 3 ]; then - if __check_command_exists python3; then - __python="python3" - fi - elif [ -n "$_PY_EXE" ] && [ "$_PY_MAJOR_VERSION" -eq 2 ]; then - if __check_command_exists python2; then - __python="python2" - fi - else - if ! __check_command_exists python; then - echoerror "Unable to find a python binary?!" - return 1 - fi - # Let's hope it's the right one - __python="python" - fi - - grep tornado "${_SALT_GIT_CHECKOUT_DIR}/requirements/base.txt" | while IFS=' - ' read -r dep; do - echodebug "Running '${__python}' -m pip install '${dep}'" - "${__python}" -m pip install "${dep}" || return 1 - done - else - __PACKAGES="python${PY_PKG_VER}-devel python${PY_PKG_VER}-pip python${PY_PKG_VER}-setuptools gcc glibc-devel linux-devel.x86_64" - # shellcheck disable=SC2086 - __tdnf_install_noinput ${__PACKAGES} || return 1 + ## Photon 5 container is missing systemd on default installation + if [ "${DISTRO_MAJOR_VERSION}" -lt 5 ]; then + __PACKAGES="${__PACKAGES} python${PY_PKG_VER}-tornado" fi + # shellcheck disable=SC2086 + __tdnf_install_noinput ${__PACKAGES} || return 1 + if [ "${DISTRO_MAJOR_VERSION}" -gt 3 ]; then # Need newer version of setuptools on Photon - _setuptools_dep="setuptools>=${_MINIMUM_SETUPTOOLS_VERSION}" - echodebug "Running '${_PY_EXE} -m pip --upgrade install ${_setuptools_dep}'" + _setuptools_dep="setuptools>=${_MINIMUM_SETUPTOOLS_VERSION},<${_MAXIMUM_SETUPTOOLS_VERSION}" + echodebug "Running '${_PY_EXE} -m pip install --upgrade ${_setuptools_dep}'" ${_PY_EXE} -m pip install --upgrade "${_setuptools_dep}" fi # Let's trigger config_salt() if [ "$_TEMP_CONFIG_DIR" = "null" ]; then - _TEMP_CONFIG_DIR="${_SALT_GIT_CHECKOUT_DIR}/conf/" + _TEMP_CONFIG_DIR="${_SALT_GIT_CHECKOUT_DIR}/conf" CONFIG_SALT_FUNC="config_salt" fi @@ -7085,11 +6196,14 @@ install_photon_git_deps() { } install_photon_git() { + echodebug "install_photon_git() entry" + if [ "${_PY_EXE}" != "" ]; then _PYEXE=${_PY_EXE} echoinfo "Using the following python version: ${_PY_EXE} to install salt" else - _PYEXE='python2' + echoerror "Python 2 is no longer supported, only Python 3" + return 1 fi if [ -f "${_SALT_GIT_CHECKOUT_DIR}/salt/syspaths.py" ]; then @@ -7101,6 +6215,8 @@ install_photon_git() { } install_photon_git_post() { + echodebug "install_photon_git_post() entry" + for fname in api master minion syndic; do # Skip if not meant to be installed [ $fname = "api" ] && \ @@ -7132,7 +6248,9 @@ install_photon_git_post() { } install_photon_restart_daemons() { - [ $_START_DAEMONS -eq $BS_FALSE ] && return + [ "$_START_DAEMONS" -eq $BS_FALSE ] && return + echodebug "install_photon_restart_daemons() entry" + for fname in api master minion syndic; do # Skip salt-api since the service should be opt-in and not necessarily started on boot @@ -7154,6 +6272,8 @@ install_photon_restart_daemons() { } install_photon_check_services() { + echodebug "install_photon_check_services() entry" + for fname in api master minion syndic; do # Skip salt-api since the service should be opt-in and not necessarily started on boot [ $fname = "api" ] && continue @@ -7170,6 +6290,8 @@ install_photon_check_services() { } install_photon_onedir_deps() { + echodebug "install_photon_onedir_deps() entry" + if [ "$_UPGRADE_SYS" -eq $BS_TRUE ]; then tdnf -y update || return 1 @@ -7186,8 +6308,8 @@ install_photon_onedir_deps() { fi # If -R was passed, we need to configure custom repo url with rsync-ed packages - # Which is still handled in __install_saltstack_rhel_repository. This call has - # its own check in case -r was passed without -R. + # Which was handled in __install_saltstack_rhel_repository buu that hanlded old-stable which is for + # releases which are End-Of-Life. This call has its own check in case -r was passed without -R. if [ "$_CUSTOM_REPO_URL" != "null" ]; then __install_saltstack_photon_onedir_repository || return 1 fi @@ -7209,6 +6331,8 @@ install_photon_onedir_deps() { install_photon_onedir() { + echodebug "install_photon_onedir() entry" + STABLE_REV=$ONEDIR_REV __PACKAGES="" @@ -7226,6 +6350,10 @@ install_photon_onedir() { __PACKAGES="${__PACKAGES} salt-syndic" fi + if [ "$_INSTALL_SALT_API" -eq $BS_TRUE ]; then + __PACKAGES="${__PACKAGES} salt-api" + fi + # shellcheck disable=SC2086 __tdnf_install_noinput ${__PACKAGES} || return 1 @@ -7243,526 +6371,6 @@ install_photon_onedir_post() { # ####################################################################################################################### -####################################################################################################################### -# -# FreeBSD Install Functions -# - -# Using a separate conf step to head for idempotent install... -__configure_freebsd_pkg_details() { - _SALT_ETC_DIR="/usr/local/etc/salt" - _PKI_DIR=${_SALT_ETC_DIR}/pki - _POST_NEON_PIP_INSTALL_ARGS="--prefix=/usr/local" -} - -install_freebsd_deps() { - __configure_freebsd_pkg_details - pkg install -y pkg -} - -install_freebsd_git_deps() { - install_freebsd_deps || return 1 - - if ! __check_command_exists git; then - /usr/local/sbin/pkg install -y git || return 1 - fi - __git_clone_and_checkout || return 1 - - if [ "${_POST_NEON_INSTALL}" -eq $BS_FALSE ]; then - - SALT_DEPENDENCIES=$(/usr/local/sbin/pkg rquery %dn py39-salt) - # shellcheck disable=SC2086 - /usr/local/sbin/pkg install -y ${SALT_DEPENDENCIES} python || return 1 - - /usr/local/sbin/pkg install -y py39-requests || return 1 - /usr/local/sbin/pkg install -y py39-tornado4 || return 1 - - else - /usr/local/sbin/pkg install -y python py39-pip py39-setuptools libzmq4 libunwind || return 1 - fi - - echodebug "Adapting paths to FreeBSD" - # The list of files was taken from Salt's BSD port Makefile - for file in doc/man/salt-key.1 doc/man/salt-cp.1 doc/man/salt-minion.1 \ - doc/man/salt-syndic.1 doc/man/salt-master.1 doc/man/salt-run.1 \ - doc/man/salt.7 doc/man/salt.1 doc/man/salt-call.1; do - [ ! -f $file ] && continue - echodebug "Patching ${file}" - sed -in -e "s|/etc/salt|${_SALT_ETC_DIR}|" \ - -e "s|/srv/salt|${_SALT_ETC_DIR}/states|" \ - -e "s|/srv/pillar|${_SALT_ETC_DIR}/pillar|" ${file} - done - if [ ! -f salt/syspaths.py ]; then - # We still can't provide the system paths, salt 0.16.x - # Let's patch salt's source and adapt paths to what's expected on FreeBSD - echodebug "Replacing occurrences of '/etc/salt' with ${_SALT_ETC_DIR}" - # The list of files was taken from Salt's BSD port Makefile - for file in conf/minion conf/master salt/config.py salt/client.py \ - salt/modules/mysql.py salt/utils/parsers.py salt/modules/tls.py \ - salt/modules/postgres.py salt/utils/migrations.py; do - [ ! -f $file ] && continue - echodebug "Patching ${file}" - sed -in -e "s|/etc/salt|${_SALT_ETC_DIR}|" \ - -e "s|/srv/salt|${_SALT_ETC_DIR}/states|" \ - -e "s|/srv/pillar|${_SALT_ETC_DIR}/pillar|" ${file} - done - fi - echodebug "Finished patching" - - # Let's trigger config_salt() - if [ "$_TEMP_CONFIG_DIR" = "null" ]; then - _TEMP_CONFIG_DIR="${_SALT_GIT_CHECKOUT_DIR}/conf/" - CONFIG_SALT_FUNC="config_salt" - - fi - - return 0 -} - -install_freebsd_stable() { -# -# installing latest version of salt from FreeBSD CURRENT ports repo -# - # shellcheck disable=SC2086 - /usr/local/sbin/pkg install -y py39-salt || return 1 - - return 0 -} - -install_freebsd_git() { - - # /usr/local/bin/python3 in FreeBSD is a symlink to /usr/local/bin/python3.7 - __PYTHON_PATH=$(readlink -f "$(command -v python3)") - __ESCAPED_PYTHON_PATH=$(echo "${__PYTHON_PATH}" | sed 's/\//\\\//g') - - if [ "${_POST_NEON_INSTALL}" -eq $BS_TRUE ]; then - __install_salt_from_repo_post_neon "${__PYTHON_PATH}" || return 1 - for script in salt_api salt_master salt_minion salt_proxy salt_syndic; do - __fetch_url "/usr/local/etc/rc.d/${script}" "https://raw.githubusercontent.com/freebsd/freebsd-ports/master/sysutils/py-salt/files/${script}.in" || return 1 - sed -i '' 's/%%PREFIX%%/\/usr\/local/g' /usr/local/etc/rc.d/${script} - sed -i '' "s/%%PYTHON_CMD%%/${__ESCAPED_PYTHON_PATH}/g" /usr/local/etc/rc.d/${script} - chmod +x /usr/local/etc/rc.d/${script} || return 1 - done - - return 0 - fi - - # Install from git - if [ ! -f salt/syspaths.py ]; then - # We still can't provide the system paths, salt 0.16.x - ${__PYTHON_PATH} setup.py ${SETUP_PY_INSTALL_ARGS} install || return 1 - else - ${__PYTHON_PATH} setup.py \ - --salt-root-dir=/ \ - --salt-config-dir="${_SALT_ETC_DIR}" \ - --salt-cache-dir="${_SALT_CACHE_DIR}" \ - --salt-sock-dir=/var/run/salt \ - --salt-srv-root-dir="${_SALT_ETC_DIR}" \ - --salt-base-file-roots-dir="${_SALT_ETC_DIR}/states" \ - --salt-base-pillar-roots-dir="${_SALT_ETC_DIR}/pillar" \ - --salt-base-master-roots-dir="${_SALT_ETC_DIR}/salt-master" \ - --salt-logs-dir=/var/log/salt \ - --salt-pidfile-dir=/var/run \ - ${SETUP_PY_INSTALL_ARGS} install \ - || return 1 - fi - - for script in salt_api salt_master salt_minion salt_proxy salt_syndic; do - __fetch_url "/usr/local/etc/rc.d/${script}" "https://raw.githubusercontent.com/freebsd/freebsd-ports/master/sysutils/py-salt/files/${script}.in" || return 1 - sed -i '' 's/%%PREFIX%%/\/usr\/local/g' /usr/local/etc/rc.d/${script} - sed -i '' "s/%%PYTHON_CMD%%/${__ESCAPED_PYTHON_PATH}/g" /usr/local/etc/rc.d/${script} - chmod +x /usr/local/etc/rc.d/${script} || return 1 - done - - # And we're good to go - return 0 -} - -install_freebsd_stable_post() { - for fname in api master minion syndic; do - # Skip salt-api since the service should be opt-in and not necessarily started on boot - [ $fname = "api" ] && continue - - # Skip if not meant to be installed - [ $fname = "minion" ] && [ "$_INSTALL_MINION" -eq $BS_FALSE ] && continue - [ $fname = "master" ] && [ "$_INSTALL_MASTER" -eq $BS_FALSE ] && continue - [ $fname = "syndic" ] && [ "$_INSTALL_SYNDIC" -eq $BS_FALSE ] && continue - - enable_string="salt_${fname}_enable=YES" - grep "$enable_string" /etc/rc.conf >/dev/null 2>&1 - [ $? -eq 1 ] && sysrc $enable_string - - done -} - -install_freebsd_git_post() { - install_freebsd_stable_post || return 1 - return 0 -} - -install_freebsd_restart_daemons() { - [ $_START_DAEMONS -eq $BS_FALSE ] && return - - for fname in api master minion syndic; do - # Skip salt-api since the service should be opt-in and not necessarily started on boot - [ $fname = "api" ] && continue - - # Skip if not meant to be installed - [ $fname = "master" ] && [ "$_INSTALL_MASTER" -eq $BS_FALSE ] && continue - [ $fname = "minion" ] && [ "$_INSTALL_MINION" -eq $BS_FALSE ] && continue - [ $fname = "syndic" ] && [ "$_INSTALL_SYNDIC" -eq $BS_FALSE ] && continue - - service salt_$fname stop > /dev/null 2>&1 - service salt_$fname start - done -} - -install_freebsd_onedir() { -# -# call install_freebsd_stable -# - install_freebsd_stable || return 1 - - return 0 -} -# -# Ended FreeBSD Install Functions -# -####################################################################################################################### - -####################################################################################################################### -# -# OpenBSD Install Functions -# - -install_openbsd_deps() { - if [ $_DISABLE_REPOS -eq $BS_FALSE ]; then - OPENBSD_REPO='https://cdn.openbsd.org/pub/OpenBSD' - echoinfo "setting package repository to $OPENBSD_REPO" - echo "${OPENBSD_REPO}" >/etc/installurl || return 1 - fi - - if [ "${_EXTRA_PACKAGES}" != "" ]; then - echoinfo "Installing the following extra packages as requested: ${_EXTRA_PACKAGES}" - # shellcheck disable=SC2086 - pkg_add -I -v ${_EXTRA_PACKAGES} || return 1 - fi - return 0 -} - -install_openbsd_git_deps() { - install_openbsd_deps || return 1 - - if ! __check_command_exists git; then - pkg_add -I -v git || return 1 - fi - __git_clone_and_checkout || return 1 - - if [ "${_POST_NEON_INSTALL}" -eq $BS_TRUE ]; then - pkg_add -I -v py3-pip py3-setuptools - fi - - # - # Let's trigger config_salt() - # - if [ "$_TEMP_CONFIG_DIR" = "null" ]; then - _TEMP_CONFIG_DIR="${_SALT_GIT_CHECKOUT_DIR}/conf/" - CONFIG_SALT_FUNC="config_salt" - fi - - return 0 -} - -install_openbsd_git() { - # - # Install from git - # - if [ "${_POST_NEON_INSTALL}" -eq $BS_TRUE ]; then - __install_salt_from_repo_post_neon "${_PY_EXE}" || return 1 - return 0 - fi - - if [ ! -f salt/syspaths.py ]; then - # We still can't provide the system paths, salt 0.16.x - /usr/local/bin/python2.7 setup.py ${SETUP_PY_INSTALL_ARGS} install || return 1 - fi - return 0 -} - -install_openbsd_stable() { - pkg_add -r -I -v salt || return 1 - return 0 -} - -install_openbsd_post() { - for fname in api master minion syndic; do - [ $fname = "api" ] && continue - [ $fname = "minion" ] && [ "$_INSTALL_MINION" -eq $BS_FALSE ] && continue - [ $fname = "master" ] && [ "$_INSTALL_MASTER" -eq $BS_FALSE ] && continue - [ $fname = "syndic" ] && [ "$_INSTALL_SYNDIC" -eq $BS_FALSE ] && continue - - rcctl enable salt_$fname - done - - return 0 -} - -install_openbsd_check_services() { - for fname in api master minion syndic; do - # Skip salt-api since the service should be opt-in and not necessarily started on boot - [ $fname = "api" ] && continue - - # Skip if not meant to be installed - [ $fname = "master" ] && [ "$_INSTALL_MASTER" -eq $BS_FALSE ] && continue - [ $fname = "minion" ] && [ "$_INSTALL_MINION" -eq $BS_FALSE ] && continue - [ $fname = "syndic" ] && continue - - if [ -f /etc/rc.d/salt_${fname} ]; then - __check_services_openbsd salt_${fname} || return 1 - fi - done - - return 0 -} - -install_openbsd_restart_daemons() { - [ $_START_DAEMONS -eq $BS_FALSE ] && return - - for fname in api master minion syndic; do - # Skip salt-api since the service should be opt-in and not necessarily started on boot - [ $fname = "api" ] && continue - - # Skip if not meant to be installed - [ $fname = "master" ] && [ "$_INSTALL_MASTER" -eq $BS_FALSE ] && continue - [ $fname = "minion" ] && [ "$_INSTALL_MINION" -eq $BS_FALSE ] && continue - [ $fname = "syndic" ] && [ "$_INSTALL_SYNDIC" -eq $BS_FALSE ] && continue - - rcctl restart salt_${fname} - done - - return 0 -} - -install_openbsd_onedir() { -# -# Call install_openbsd_stable -# - install_openbsd_stable || return 1 - - return 0 -} -# -# Ended OpenBSD Install Functions -# -####################################################################################################################### - -####################################################################################################################### -# -# SmartOS Install Functions -# -install_smartos_deps() { - smartos_deps="$(pkgin show-deps salt | grep '^\s' | grep -v '\snot' | xargs) py27-m2crypto" - pkgin -y install "${smartos_deps}" || return 1 - - # Set _SALT_ETC_DIR to SmartOS default if they didn't specify - _SALT_ETC_DIR=${BS_SALT_ETC_DIR:-/opt/local/etc/salt} - # We also need to redefine the PKI directory - _PKI_DIR=${_SALT_ETC_DIR}/pki - - # Let's trigger config_salt() - if [ "$_TEMP_CONFIG_DIR" = "null" ]; then - # Let's set the configuration directory to /tmp - _TEMP_CONFIG_DIR="/tmp" - CONFIG_SALT_FUNC="config_salt" - - # Let's download, since they were not provided, the default configuration files - if [ ! -f "$_SALT_ETC_DIR/minion" ] && [ ! -f "$_TEMP_CONFIG_DIR/minion" ]; then - # shellcheck disable=SC2086 - curl $_CURL_ARGS -s -o "$_TEMP_CONFIG_DIR/minion" -L \ - https://raw.githubusercontent.com/saltstack/salt/master/conf/minion || return 1 - fi - if [ ! -f "$_SALT_ETC_DIR/master" ] && [ ! -f $_TEMP_CONFIG_DIR/master ]; then - # shellcheck disable=SC2086 - curl $_CURL_ARGS -s -o "$_TEMP_CONFIG_DIR/master" -L \ - https://raw.githubusercontent.com/saltstack/salt/master/conf/master || return 1 - fi - fi - - if [ "$_INSTALL_CLOUD" -eq $BS_TRUE ]; then - pkgin -y install py27-apache-libcloud || return 1 - fi - - if [ "${_EXTRA_PACKAGES}" != "" ]; then - echoinfo "Installing the following extra packages as requested: ${_EXTRA_PACKAGES}" - # shellcheck disable=SC2086 - pkgin -y install ${_EXTRA_PACKAGES} || return 1 - fi - - return 0 -} - -install_smartos_git_deps() { - install_smartos_deps || return 1 - - if ! __check_command_exists git; then - pkgin -y install git || return 1 - fi - - __git_clone_and_checkout || return 1 - - if [ "${_POST_NEON_INSTALL}" -eq $BS_FALSE ]; then - - if [ -f "${_SALT_GIT_CHECKOUT_DIR}/requirements/base.txt" ]; then - # Install whichever tornado is in the requirements file - __REQUIRED_TORNADO="$(grep tornado "${_SALT_GIT_CHECKOUT_DIR}/requirements/base.txt")" - __check_pip_allowed "You need to allow pip based installations (-P) in order to install the python package '${__REQUIRED_TORNADO}'" - - # Install whichever futures is in the requirements file - __REQUIRED_FUTURES="$(grep futures "${_SALT_GIT_CHECKOUT_DIR}/requirements/base.txt")" - __check_pip_allowed "You need to allow pip based installations (-P) in order to install the python package '${__REQUIRED_FUTURES}'" - - if [ "${__REQUIRED_TORNADO}" != "" ]; then - if ! __check_command_exists pip; then - pkgin -y install py27-pip - fi - pip install -U "${__REQUIRED_TORNADO}" - fi - - if [ "${__REQUIRED_FUTURES}" != "" ]; then - if ! __check_command_exists pip; then - pkgin -y install py27-pip - fi - pip install -U "${__REQUIRED_FUTURES}" - fi - fi - else - if ! __check_command_exists pip; then - pkgin -y install py27-pip - fi - pkgin -y install py27-setuptools - fi - - # Let's trigger config_salt() - if [ "$_TEMP_CONFIG_DIR" = "null" ]; then - _TEMP_CONFIG_DIR="${_SALT_GIT_CHECKOUT_DIR}/conf/" - CONFIG_SALT_FUNC="config_salt" - fi - - return 0 -} - -install_smartos_stable() { - pkgin -y install salt || return 1 - return 0 -} - -install_smartos_git() { - - if [ "${_POST_NEON_INSTALL}" -eq $BS_TRUE ]; then - __install_salt_from_repo_post_neon "${_PY_EXE}" || return 1 - return 0 - fi - - # Use setuptools in order to also install dependencies - # lets force our config path on the setup for now, since salt/syspaths.py only got fixed in 2015.5.0 - USE_SETUPTOOLS=1 /opt/local/bin/python setup.py --salt-config-dir="$_SALT_ETC_DIR" --salt-cache-dir="${_SALT_CACHE_DIR}" ${SETUP_PY_INSTALL_ARGS} install || return 1 - return 0 -} - -install_smartos_post() { - smf_dir="/opt/custom/smf" - - # Install manifest files if needed. - for fname in api master minion syndic; do - # Skip if not meant to be installed - [ $fname = "api" ] && \ - ([ "$_INSTALL_MASTER" -eq $BS_FALSE ] || ! __check_command_exists "salt-${fname}") && continue - [ $fname = "master" ] && [ "$_INSTALL_MASTER" -eq $BS_FALSE ] && continue - [ $fname = "minion" ] && [ "$_INSTALL_MINION" -eq $BS_FALSE ] && continue - [ $fname = "syndic" ] && [ "$_INSTALL_SYNDIC" -eq $BS_FALSE ] && continue - - svcs network/salt-$fname > /dev/null 2>&1 - if [ $? -eq 1 ]; then - if [ ! -f "$_TEMP_CONFIG_DIR/salt-$fname.xml" ]; then - # shellcheck disable=SC2086 - curl $_CURL_ARGS -s -o "$_TEMP_CONFIG_DIR/salt-$fname.xml" -L \ - "https://raw.githubusercontent.com/saltstack/salt/master/pkg/smartos/salt-$fname.xml" - fi - svccfg import "$_TEMP_CONFIG_DIR/salt-$fname.xml" - if [ "${VIRTUAL_TYPE}" = "global" ]; then - if [ ! -d "$smf_dir" ]; then - mkdir -p "$smf_dir" || return 1 - fi - if [ ! -f "$smf_dir/salt-$fname.xml" ]; then - __copyfile "$_TEMP_CONFIG_DIR/salt-$fname.xml" "$smf_dir/" || return 1 - fi - fi - fi - done - - return 0 -} - -install_smartos_git_post() { - smf_dir="/opt/custom/smf" - - # Install manifest files if needed. - for fname in api master minion syndic; do - # Skip if not meant to be installed - [ $fname = "api" ] && \ - ([ "$_INSTALL_MASTER" -eq $BS_FALSE ] || ! __check_command_exists "salt-${fname}") && continue - [ $fname = "master" ] && [ "$_INSTALL_MASTER" -eq $BS_FALSE ] && continue - [ $fname = "minion" ] && [ "$_INSTALL_MINION" -eq $BS_FALSE ] && continue - [ $fname = "syndic" ] && [ "$_INSTALL_SYNDIC" -eq $BS_FALSE ] && continue - - svcs "network/salt-$fname" > /dev/null 2>&1 - if [ $? -eq 1 ]; then - svccfg import "${_SALT_GIT_CHECKOUT_DIR}/pkg/smartos/salt-$fname.xml" - if [ "${VIRTUAL_TYPE}" = "global" ]; then - if [ ! -d $smf_dir ]; then - mkdir -p "$smf_dir" - fi - if [ ! -f "$smf_dir/salt-$fname.xml" ]; then - __copyfile "${_SALT_GIT_CHECKOUT_DIR}/pkg/smartos/salt-$fname.xml" "$smf_dir/" - fi - fi - fi - done - - return 0 -} - -install_smartos_restart_daemons() { - [ $_START_DAEMONS -eq $BS_FALSE ] && return - - for fname in api master minion syndic; do - # Skip salt-api since the service should be opt-in and not necessarily started on boot - [ $fname = "api" ] && continue - - # Skip if not meant to be installed - [ $fname = "master" ] && [ "$_INSTALL_MASTER" -eq $BS_FALSE ] && continue - [ $fname = "minion" ] && [ "$_INSTALL_MINION" -eq $BS_FALSE ] && continue - [ $fname = "syndic" ] && [ "$_INSTALL_SYNDIC" -eq $BS_FALSE ] && continue - - # Stop if running && Start service - svcadm disable salt-$fname > /dev/null 2>&1 - svcadm enable salt-$fname - done - - return 0 -} -install_smartos_onedir() { -# -# call install_smartos_stable -# - install_smartos_stable || return 1 - - return 0 -} -# -# Ended SmartOS Install Functions -# -####################################################################################################################### ####################################################################################################################### # @@ -7844,7 +6452,7 @@ __zypper_install() { __opensuse_prep_install() { # DRY function for common installation preparatory steps for SUSE - if [ $_DISABLE_REPOS -eq $BS_FALSE ]; then + if [ "$_DISABLE_REPOS" -eq $BS_FALSE ]; then # Is the repository already known __set_suse_pkg_repo # Check zypper repos and refresh if necessary @@ -7876,7 +6484,7 @@ install_opensuse_stable_deps() { # YAML module is used for generating custom master/minion configs # requests is still used by many salt modules # Salt needs python-zypp installed in order to use the zypper module - __PACKAGES="python-PyYAML python-requests python-zypp" + __PACKAGES="python${PY_PKG_VER}-PyYAML python${PY_PKG_VER}-requests python${PY_PKG_VER}-zypp" # shellcheck disable=SC2086 __zypper_install ${__PACKAGES} || return 1 @@ -7903,27 +6511,11 @@ install_opensuse_git_deps() { __git_clone_and_checkout || return 1 - if [ "${_POST_NEON_INSTALL}" -eq $BS_FALSE ]; then - __zypper_install patch || return 1 - - __PACKAGES="libzmq5 python-Jinja2 python-m2crypto python-msgpack-python python-pycrypto python-pyzmq python-xml python-futures" - - if [ -f "${_SALT_GIT_CHECKOUT_DIR}/requirements/base.txt" ]; then - # We're on the master branch, install whichever tornado is on the requirements file - __REQUIRED_TORNADO="$(grep tornado "${_SALT_GIT_CHECKOUT_DIR}/requirements/base.txt")" - if [ "${__REQUIRED_TORNADO}" != "" ]; then - __PACKAGES="${__PACKAGES} python-tornado" - fi - fi - - if [ "$_INSTALL_CLOUD" -eq $BS_TRUE ]; then - __PACKAGES="${__PACKAGES} python-apache-libcloud" - fi # Check for Tumbleweed - elif [ "${DISTRO_MAJOR_VERSION}" -ge 20210101 ]; then + if [ "${DISTRO_MAJOR_VERSION}" -ge 20210101 ]; then __PACKAGES="python3-pip gcc-c++ python3-pyzmq-devel" else - __PACKAGES="python-pip python-setuptools gcc" + __PACKAGES="python3-pip python3-setuptools gcc" fi # shellcheck disable=SC2086 @@ -7931,7 +6523,7 @@ install_opensuse_git_deps() { # Let's trigger config_salt() if [ "$_TEMP_CONFIG_DIR" = "null" ]; then - _TEMP_CONFIG_DIR="${_SALT_GIT_CHECKOUT_DIR}/conf/" + _TEMP_CONFIG_DIR="${_SALT_GIT_CHECKOUT_DIR}/conf" CONFIG_SALT_FUNC="config_salt" fi @@ -7958,6 +6550,10 @@ install_opensuse_stable() { __PACKAGES="${__PACKAGES} salt-syndic" fi + if [ "$_INSTALL_SALT_API" -eq $BS_TRUE ]; then + __PACKAGES="${__PACKAGES} salt-api" + fi + # shellcheck disable=SC2086 __zypper_install $__PACKAGES || return 1 @@ -7965,12 +6561,7 @@ install_opensuse_stable() { } install_opensuse_git() { - if [ "${_POST_NEON_INSTALL}" -eq $BS_TRUE ]; then - __install_salt_from_repo_post_neon "${_PY_EXE}" || return 1 - return 0 - fi - - python setup.py ${SETUP_PY_INSTALL_ARGS} install --prefix=/usr || return 1 + __install_salt_from_repo "${_PY_EXE}" || return 1 return 0 } @@ -7988,7 +6579,7 @@ install_opensuse_stable_post() { [ $fname = "minion" ] && [ "$_INSTALL_MINION" -eq $BS_FALSE ] && continue [ $fname = "syndic" ] && [ "$_INSTALL_SYNDIC" -eq $BS_FALSE ] && continue - if [ -f /bin/systemctl ] || [ -f /usr/bin/systemctl ]; then + if [ "$_SYSTEMD_FUNCTIONAL" -eq $BS_TRUE ]; then systemctl is-enabled salt-$fname.service || (systemctl preset salt-$fname.service && systemctl enable salt-$fname.service) sleep 1 systemctl daemon-reload @@ -8011,7 +6602,7 @@ install_opensuse_git_post() { [ $fname = "minion" ] && [ "$_INSTALL_MINION" -eq $BS_FALSE ] && continue [ $fname = "syndic" ] && [ "$_INSTALL_SYNDIC" -eq $BS_FALSE ] && continue - if command -v systemctl; then + if [ "$_SYSTEMD_FUNCTIONAL" -eq $BS_TRUE ]; then use_usr_lib=$BS_FALSE if [ "${DISTRO_MAJOR_VERSION}" -ge 15 ]; then @@ -8052,7 +6643,7 @@ install_opensuse_onedir_post() { } install_opensuse_restart_daemons() { - [ $_START_DAEMONS -eq $BS_FALSE ] && return + [ "$_START_DAEMONS" -eq $BS_FALSE ] && return for fname in api master minion syndic; do # Skip salt-api since the service should be opt-in and not necessarily started on boot @@ -8063,7 +6654,7 @@ install_opensuse_restart_daemons() { [ $fname = "minion" ] && [ "$_INSTALL_MINION" -eq $BS_FALSE ] && continue [ $fname = "syndic" ] && [ "$_INSTALL_SYNDIC" -eq $BS_FALSE ] && continue - if [ -f /bin/systemctl ]; then + if [ "$_SYSTEMD_FUNCTIONAL" -eq $BS_TRUE ]; then systemctl stop salt-$fname > /dev/null 2>&1 systemctl start salt-$fname.service && continue echodebug "Failed to start salt-$fname using systemd" @@ -8079,7 +6670,7 @@ install_opensuse_restart_daemons() { } install_opensuse_check_services() { - if [ ! -f /bin/systemctl ]; then + if [ "$_SYSTEMD_FUNCTIONAL" -eq $BS_TRUE ]; then # Not running systemd!? Don't check! return 0 fi @@ -8113,11 +6704,10 @@ install_opensuse_15_stable_deps() { # SUSE only packages Salt for Python 3 on Leap 15 # Py3 is the default bootstrap install for Leap 15 - # However, git installs might specify "-x python2" - if [ -n "$_PY_EXE" ] && [ "$_PY_MAJOR_VERSION" -eq 2 ]; then - PY_PKG_VER=2 - else - PY_PKG_VER=3 + # However, git installs that specify "-x python2" are disallowed + if [ -n "$_PY_EXE" ] && [ "$_PY_MAJOR_VERSION" -ne 3 ]; then + echoerror "Python version is no longer supported, only Python 3" + return 1 fi # YAML module is used for generating custom master/minion configs @@ -8145,47 +6735,20 @@ install_opensuse_15_git_deps() { __git_clone_and_checkout || return 1 - if [ -n "$_PY_EXE" ] && [ "$_PY_MAJOR_VERSION" -eq 2 ]; then - PY_PKG_VER=2 - else - PY_PKG_VER=3 + if [ -n "$_PY_EXE" ] && [ "$_PY_MAJOR_VERSION" -ne 3 ]; then + echoerror "Python version is no longer supported, only Python 3" + return 1 fi - __PACKAGES="python${PY_PKG_VER}-xml" - - if [ "${_POST_NEON_INSTALL}" -eq $BS_FALSE ]; then - - # Py3 is the default bootstrap install for Leap 15 - # However, git installs might specify "-x python2" - if [ -n "$_PY_EXE" ] && [ "$_PY_MAJOR_VERSION" -eq 2 ]; then - # This is required by some of the python2 packages below - __PACKAGES="${__PACKAGES} libpython2_7-1_0 python2-futures python-ipaddress" - fi - - __PACKAGES="${__PACKAGES} libzmq5 python${PY_PKG_VER}-Jinja2 python${PY_PKG_VER}-msgpack" - __PACKAGES="${__PACKAGES} python${PY_PKG_VER}-pycrypto python${PY_PKG_VER}-pyzmq" - - if [ -f "${_SALT_GIT_CHECKOUT_DIR}/requirements/base.txt" ]; then - # We're on the master branch, install whichever tornado is on the requirements file - __REQUIRED_TORNADO="$(grep tornado "${_SALT_GIT_CHECKOUT_DIR}/requirements/base.txt")" - if [ "${__REQUIRED_TORNADO}" != "" ]; then - __PACKAGES="${__PACKAGES} python${PY_PKG_VER}-tornado" - fi - fi - - if [ "$_INSTALL_CLOUD" -eq $BS_TRUE ]; then - __PACKAGES="${__PACKAGES} python${PY_PKG_VER}-apache-libcloud" - fi - else - __PACKAGES="${__PACKAGES} python${PY_PKG_VER}-devel python${PY_PKG_VER}-pip python${PY_PKG_VER}-setuptools gcc" - fi + PY_PKG_VER=3 + __PACKAGES="python${PY_PKG_VER}-xml python${PY_PKG_VER}-devel python${PY_PKG_VER}-pip python${PY_PKG_VER}-setuptools gcc" # shellcheck disable=SC2086 __zypper_install ${__PACKAGES} || return 1 # Let's trigger config_salt() if [ "$_TEMP_CONFIG_DIR" = "null" ]; then - _TEMP_CONFIG_DIR="${_SALT_GIT_CHECKOUT_DIR}/conf/" + _TEMP_CONFIG_DIR="${_SALT_GIT_CHECKOUT_DIR}/conf" CONFIG_SALT_FUNC="config_salt" fi @@ -8196,17 +6759,12 @@ install_opensuse_15_git() { # Py3 is the default bootstrap install for Leap 15 if [ -n "$_PY_EXE" ]; then - _PYEXE=${_PY_EXE} + _PYEXE="${_PY_EXE}" else _PYEXE=python3 fi - if [ "${_POST_NEON_INSTALL}" -eq $BS_TRUE ]; then - __install_salt_from_repo_post_neon "${_PY_EXE}" || return 1 - return 0 - fi - - ${_PYEXE} setup.py ${SETUP_PY_INSTALL_ARGS} install --prefix=/usr || return 1 + __install_salt_from_repo "${_PY_EXE}" || return 1 return 0 } @@ -8291,266 +6849,6 @@ install_suse_15_restart_daemons() { # ####################################################################################################################### -####################################################################################################################### -# -# SUSE Enterprise 12 -# - -install_suse_12_stable_deps() { - __opensuse_prep_install || return 1 - - # YAML module is used for generating custom master/minion configs - # requests is still used by many salt modules - # Salt needs python-zypp installed in order to use the zypper module - __PACKAGES="python-PyYAML python-requests python-zypp" - - if [ "$_INSTALL_CLOUD" -eq $BS_TRUE ]; then - __PACKAGES="${__PACKAGES} python-apache-libcloud" - fi - - # shellcheck disable=SC2086,SC2090 - __zypper_install ${__PACKAGES} || return 1 - - # SLES 11 SP3 ships with both python-M2Crypto-0.22.* and python-m2crypto-0.21 and we will be asked which - # we want to install, even with --non-interactive. - # Let's try to install the higher version first and then the lower one in case of failure - __zypper_install 'python-M2Crypto>=0.22' || __zypper_install 'python-M2Crypto>=0.21' || return 1 - - if [ "${_EXTRA_PACKAGES}" != "" ]; then - echoinfo "Installing the following extra packages as requested: ${_EXTRA_PACKAGES}" - # shellcheck disable=SC2086 - __zypper_install ${_EXTRA_PACKAGES} || return 1 - fi - - return 0 -} - -install_suse_12_git_deps() { - install_suse_12_stable_deps || return 1 - - if ! __check_command_exists git; then - __zypper_install git-core || return 1 - fi - - __git_clone_and_checkout || return 1 - - __PACKAGES="" - # shellcheck disable=SC2089 - __PACKAGES="${__PACKAGES} libzmq4 python-Jinja2 python-msgpack-python python-pycrypto" - __PACKAGES="${__PACKAGES} python-pyzmq python-xml" - - if [ -f "${_SALT_GIT_CHECKOUT_DIR}/requirements/base.txt" ]; then - # We're on the master branch, install whichever tornado is on the requirements file - __REQUIRED_TORNADO="$(grep tornado "${_SALT_GIT_CHECKOUT_DIR}/requirements/base.txt")" - if [ "${__REQUIRED_TORNADO}" != "" ]; then - __PACKAGES="${__PACKAGES} python-tornado" - fi - fi - - if [ "$_INSTALL_CLOUD" -eq $BS_TRUE ]; then - __PACKAGES="${__PACKAGES} python-apache-libcloud" - fi - - # shellcheck disable=SC2086 - __zypper_install ${__PACKAGES} || return 1 - - # Let's trigger config_salt() - if [ "$_TEMP_CONFIG_DIR" = "null" ]; then - _TEMP_CONFIG_DIR="${_SALT_GIT_CHECKOUT_DIR}/conf/" - CONFIG_SALT_FUNC="config_salt" - fi - - return 0 -} - -install_suse_12_onedir_deps() { - install_suse_12_stable_deps || return 1 - return 0 -} - -install_suse_12_stable() { - install_opensuse_stable || return 1 - return 0 -} - -install_suse_12_git() { - install_opensuse_git || return 1 - return 0 -} - -install_suse_12_onedir() { - install_opensuse_stable || return 1 - return 0 -} - -install_suse_12_stable_post() { - install_opensuse_stable_post || return 1 - return 0 -} - -install_suse_12_git_post() { - install_opensuse_git_post || return 1 - return 0 -} - -install_suse_12_onedir_post() { - install_opensuse_stable_post || return 1 - return 0 -} - -install_suse_12_restart_daemons() { - install_opensuse_restart_daemons || return 1 - return 0 -} - -# -# End of SUSE Enterprise 12 -# -####################################################################################################################### - -####################################################################################################################### -# -# SUSE Enterprise 11 -# - -install_suse_11_stable_deps() { - __opensuse_prep_install || return 1 - - # YAML module is used for generating custom master/minion configs - __PACKAGES="python-PyYAML" - - # shellcheck disable=SC2086,SC2090 - __zypper_install ${__PACKAGES} || return 1 - - # SLES 11 SP3 ships with both python-M2Crypto-0.22.* and python-m2crypto-0.21 and we will be asked which - # we want to install, even with --non-interactive. - # Let's try to install the higher version first and then the lower one in case of failure - __zypper_install 'python-M2Crypto>=0.22' || __zypper_install 'python-M2Crypto>=0.21' || return 1 - - if [ "${_EXTRA_PACKAGES}" != "" ]; then - echoinfo "Installing the following extra packages as requested: ${_EXTRA_PACKAGES}" - # shellcheck disable=SC2086 - __zypper_install ${_EXTRA_PACKAGES} || return 1 - fi - - return 0 -} - -install_suse_11_git_deps() { - install_suse_11_stable_deps || return 1 - - if ! __check_command_exists git; then - __zypper_install git || return 1 - fi - - __git_clone_and_checkout || return 1 - - __PACKAGES="" - # shellcheck disable=SC2089 - __PACKAGES="${__PACKAGES} libzmq4 python-Jinja2 python-msgpack-python python-pycrypto" - __PACKAGES="${__PACKAGES} python-pyzmq python-xml python-zypp" - - if [ -f "${_SALT_GIT_CHECKOUT_DIR}/requirements/base.txt" ]; then - # We're on the master branch, install whichever tornado is on the requirements file - __REQUIRED_TORNADO="$(grep tornado "${_SALT_GIT_CHECKOUT_DIR}/requirements/base.txt")" - if [ "${__REQUIRED_TORNADO}" != "" ]; then - __PACKAGES="${__PACKAGES} python-tornado" - fi - fi - - if [ "$_INSTALL_CLOUD" -eq $BS_TRUE ]; then - __PACKAGES="${__PACKAGES} python-apache-libcloud" - fi - - # shellcheck disable=SC2086 - __zypper_install ${__PACKAGES} || return 1 - - # Let's trigger config_salt() - if [ "$_TEMP_CONFIG_DIR" = "null" ]; then - _TEMP_CONFIG_DIR="${_SALT_GIT_CHECKOUT_DIR}/conf/" - CONFIG_SALT_FUNC="config_salt" - fi - - return 0 -} - -install_suse_11_onedir_deps() { - install_suse_11_stable_deps || return 1 - return 0 -} - -install_suse_11_stable() { - install_opensuse_stable || return 1 - return 0 -} - -install_suse_11_git() { - install_opensuse_git || return 1 - return 0 -} - -install_suse_11_onedir() { - install_opensuse_stable || return 1 - return 0 -} - -install_suse_11_stable_post() { - install_opensuse_stable_post || return 1 - return 0 -} - -install_suse_11_git_post() { - install_opensuse_git_post || return 1 - return 0 -} - -install_suse_11_onedir_post() { - install_opensuse_stable_post || return 1 - return 0 -} - -install_suse_11_restart_daemons() { - install_opensuse_restart_daemons || return 1 - return 0 -} - - -# -# End of SUSE Enterprise 11 -# -####################################################################################################################### - -####################################################################################################################### -# -# SUSE Enterprise General Functions -# - -# Used for both SLE 11 and 12 -install_suse_check_services() { - if [ ! -f /bin/systemctl ]; then - # Not running systemd!? Don't check! - return 0 - fi - - for fname in api master minion syndic; do - # Skip salt-api since the service should be opt-in and not necessarily started on boot - [ $fname = "api" ] && continue - - # Skip if not meant to be installed - [ $fname = "master" ] && [ "$_INSTALL_MASTER" -eq $BS_FALSE ] && continue - [ $fname = "minion" ] && [ "$_INSTALL_MINION" -eq $BS_FALSE ] && continue - [ $fname = "syndic" ] && [ "$_INSTALL_SYNDIC" -eq $BS_FALSE ] && continue - - __check_services_systemd salt-$fname || return 1 - done - - return 0 -} - -# -# End of SUSE Enterprise General Functions -# -####################################################################################################################### ####################################################################################################################### # @@ -8608,9 +6906,15 @@ __gentoo_pre_dep() { mkdir /etc/portage fi - # Enable Python 3.7 target for Salt Neon using GIT - if [ "${ITYPE}" = "git" ] && [ "${GIT_REV}" = "v3000" ]; then - EXTRA_PYTHON_TARGET=python3_7 + # Enable Python 3.10 target for Salt 3006 or later, otherwise 3.7 as previously, using GIT + if [ "${ITYPE}" = "git" ]; then + GIT_REV_MAJOR=$(echo "${GIT_REV}" | awk -F "." '{print $1}') + if [ "${GIT_REV_MAJOR}" = "v3006" ] || [ "${GIT_REV_MAJOR}" = "v3007" ]; then + EXTRA_PYTHON_TARGET=python3_10 + else + # assume pre-3006, so leave it as Python 3.7 + EXTRA_PYTHON_TARGET=python3_7 + fi fi if [ -n "${EXTRA_PYTHON_TARGET:-}" ]; then @@ -8626,7 +6930,6 @@ __gentoo_post_dep() { echoinfo "Installing the following extra packages as requested: ${_EXTRA_PACKAGES}" # shellcheck disable=SC2086 __autounmask ${_EXTRA_PACKAGES} || return 1 - # shellcheck disable=SC2086 __emerge ${_EXTRA_PACKAGES} || return 1 fi @@ -8670,27 +6973,6 @@ install_gentoo_git_deps() { GENTOO_GIT_PACKAGES="${GENTOO_GIT_PACKAGES:-} dev-vcs/git" fi - # Salt <3000 does not automatically install dependencies. It has to be done manually. - if [ "${_POST_NEON_INSTALL}" -eq $BS_FALSE ]; then - GENTOO_GIT_PACKAGES="${GENTOO_GIT_PACKAGES:-} - sys-apps/pciutils - dev-python/pyyaml - dev-python/pyzmq - dev-python/libnacl - dev-python/pycryptodome - dev-python/py - dev-python/requests - /etc/paths.d/salt fi @@ -9159,17 +7404,20 @@ install_macosx_stable_post() { } install_macosx_onedir_post() { + install_macosx_stable_post || return 1 return 0 } install_macosx_git_post() { + install_macosx_stable_post || return 1 return 0 } install_macosx_restart_daemons() { - [ $_START_DAEMONS -eq $BS_FALSE ] && return + + [ "$_START_DAEMONS" -eq $BS_FALSE ] && return if [ "$_INSTALL_MINION" -eq $BS_TRUE ]; then /bin/launchctl unload -w /Library/LaunchDaemons/com.saltstack.salt.minion.plist || return 1 @@ -9194,6 +7442,7 @@ install_macosx_restart_daemons() { # the -c options is passed. # config_salt() { + # If the configuration directory is not passed, return [ "$_TEMP_CONFIG_DIR" = "null" ] && return @@ -9237,7 +7486,7 @@ config_salt() { # Check if a minion config file already exists and move to .bak if needed if [ -f "$_SALT_ETC_DIR/minion" ] && [ "$CREATE_BAK" -eq "$BS_TRUE" ]; then - __movefile "$_SALT_ETC_DIR/minion" "$_SALT_ETC_DIR/minion.bak" $BS_TRUE || return 1 + __movefile "$_SALT_ETC_DIR/minion" "$_SALT_ETC_DIR/minion.bak" "$BS_TRUE" || return 1 CONFIGURED_ANYTHING=$BS_TRUE fi @@ -9280,8 +7529,11 @@ config_salt() { if [ "$_INSTALL_SYNDIC" -eq $BS_TRUE ] && [ "$_CONFIG_ONLY" -eq $BS_TRUE ]; then OVERWRITE_MASTER_CONFIGS=$BS_TRUE fi + if [ "$_INSTALL_SALT_API" -eq $BS_TRUE ] && [ "$_CONFIG_ONLY" -eq $BS_TRUE ]; then + OVERWRITE_MASTER_CONFIGS=$BS_TRUE + fi - if [ "$_INSTALL_MASTER" -eq $BS_TRUE ] || [ "$_INSTALL_SYNDIC" -eq $BS_TRUE ] || [ "$OVERWRITE_MASTER_CONFIGS" -eq $BS_TRUE ] || [ "$_CUSTOM_MASTER_CONFIG" != "null" ]; then + if [ "$_INSTALL_MASTER" -eq $BS_TRUE ] || [ "$_INSTALL_SYNDIC" -eq $BS_TRUE ] || [ "$_INSTALL_SALT_API" -eq $BS_TRUE ] || [ "$OVERWRITE_MASTER_CONFIGS" -eq $BS_TRUE ] || [ "$_CUSTOM_MASTER_CONFIG" != "null" ]; then # Create the PKI directory [ -d "$_PKI_DIR/master" ] || (mkdir -p "$_PKI_DIR/master" && chmod 700 "$_PKI_DIR/master") || return 1 @@ -9290,7 +7542,7 @@ config_salt() { # Check if a master config file already exists and move to .bak if needed if [ -f "$_SALT_ETC_DIR/master" ] && [ "$CREATE_BAK" -eq "$BS_TRUE" ]; then - __movefile "$_SALT_ETC_DIR/master" "$_SALT_ETC_DIR/master.bak" $BS_TRUE || return 1 + __movefile "$_SALT_ETC_DIR/master" "$_SALT_ETC_DIR/master.bak" "$BS_TRUE" || return 1 CONFIGURED_ANYTHING=$BS_TRUE fi @@ -9304,7 +7556,7 @@ config_salt() { CONFIGURED_ANYTHING=$BS_TRUE fi - # Copy the master's keys if found + # Copy the masters keys if found if [ -f "$_TEMP_CONFIG_DIR/master.pem" ]; then __movefile "$_TEMP_CONFIG_DIR/master.pem" "$_PKI_DIR/master/" || return 1 chmod 400 "$_PKI_DIR/master/master.pem" || return 1 @@ -9334,7 +7586,7 @@ config_salt() { done fi - if [ "$_CONFIG_ONLY" -eq $BS_TRUE ] && [ $CONFIGURED_ANYTHING -eq $BS_FALSE ]; then + if [ "$_CONFIG_ONLY" -eq $BS_TRUE ] && [ "$CONFIGURED_ANYTHING" -eq $BS_FALSE ]; then echowarn "No configuration or keys were copied over. No configuration was done!" exit 0 fi @@ -9352,6 +7604,7 @@ config_salt() { # as long as the -k option is passed. # preseed_master() { + # Create the PKI directory if [ "$(find "$_TEMP_KEYS_DIR" -maxdepth 1 -type f | wc -l)" -lt 1 ]; then @@ -9386,6 +7639,7 @@ preseed_master() { # This function checks if all of the installed daemons are running or not. # daemons_running_onedir() { + [ "$_START_DAEMONS" -eq $BS_FALSE ] && return 0 FAILED_DAEMONS=0 @@ -9423,6 +7677,7 @@ daemons_running_onedir() { # This function checks if all of the installed daemons are running or not. # daemons_running() { + [ "$_START_DAEMONS" -eq $BS_FALSE ] && return 0 FAILED_DAEMONS=0 @@ -9437,7 +7692,7 @@ daemons_running() { # shellcheck disable=SC2009 if [ "${DISTRO_NAME}" = "SmartOS" ]; then - if [ "$(svcs -Ho STA salt-$fname)" != "ON" ]; then + if [ "$(svcs -Ho STA "salt-$fname")" != "ON" ]; then echoerror "salt-$fname was not found running" FAILED_DAEMONS=$((FAILED_DAEMONS + 1)) fi @@ -9447,7 +7702,7 @@ daemons_running() { fi done - return $FAILED_DAEMONS + return ${FAILED_DAEMONS} } # # Ended daemons running check function @@ -9470,9 +7725,10 @@ if [ ${_NO_DEPS} -eq $BS_FALSE ]; then fi DEPS_INSTALL_FUNC="null" -for FUNC_NAME in $(__strip_duplicates "$DEP_FUNC_NAMES"); do - if __function_defined "$FUNC_NAME"; then - DEPS_INSTALL_FUNC="$FUNC_NAME" +# shellcheck disable=SC2086 +for FUNC_NAME in $(__strip_duplicates ${DEP_FUNC_NAMES}); do + if __function_defined ${FUNC_NAME}; then + DEPS_INSTALL_FUNC=${FUNC_NAME} break fi done @@ -9582,7 +7838,7 @@ for FUNC_NAME in $(__strip_duplicates "$DAEMONS_RUNNING_FUNC_NAMES"); do done echodebug "DAEMONS_RUNNING_FUNC=${DAEMONS_RUNNING_FUNC}" -# Let's get the check services function +# Lets get the check services function if [ ${_DISABLE_SALT_CHECKS} -eq $BS_FALSE ]; then CHECK_SERVICES_FUNC_NAMES="install_${DISTRO_NAME_L}${PREFIXED_DISTRO_MAJOR_VERSION}_${ITYPE}_check_services" CHECK_SERVICES_FUNC_NAMES="$CHECK_SERVICES_FUNC_NAMES install_${DISTRO_NAME_L}${PREFIXED_DISTRO_MAJOR_VERSION}${PREFIXED_DISTRO_MINOR_VERSION}_${ITYPE}_check_services" @@ -9615,7 +7871,7 @@ fi # Install dependencies -if [ ${_NO_DEPS} -eq $BS_FALSE ] && [ $_CONFIG_ONLY -eq $BS_FALSE ]; then +if [ "${_NO_DEPS}" -eq $BS_FALSE ] && [ "$_CONFIG_ONLY" -eq $BS_FALSE ]; then # Only execute function is not in config mode only echoinfo "Running ${DEPS_INSTALL_FUNC}()" if ! ${DEPS_INSTALL_FUNC}; then @@ -9639,7 +7895,7 @@ if [ "$_CUSTOM_MASTER_CONFIG" != "null" ] || [ "$_CUSTOM_MINION_CONFIG" != "null _TEMP_CONFIG_DIR="$_SALT_ETC_DIR" fi - if [ ${_NO_DEPS} -eq $BS_FALSE ] && [ $_CONFIG_ONLY -eq $BS_TRUE ]; then + if [ "${_NO_DEPS}" -eq $BS_FALSE ] && [ "$_CONFIG_ONLY" -eq $BS_TRUE ]; then # Execute function to satisfy dependencies for configuration step echoinfo "Running ${DEPS_INSTALL_FUNC}()" if ! ${DEPS_INSTALL_FUNC}; then @@ -9713,6 +7969,7 @@ fi if [ "$STARTDAEMONS_INSTALL_FUNC" != "null" ] && [ ${_START_DAEMONS} -eq $BS_TRUE ]; then echoinfo "Running ${STARTDAEMONS_INSTALL_FUNC}()" echodebug "Waiting ${_SLEEP} seconds for processes to settle before checking for them" + # shellcheck disable=SC2086 sleep ${_SLEEP} if ! ${STARTDAEMONS_INSTALL_FUNC}; then echoerror "Failed to run ${STARTDAEMONS_INSTALL_FUNC}()!!!" @@ -9724,6 +7981,7 @@ fi if [ "$DAEMONS_RUNNING_FUNC" != "null" ] && [ ${_START_DAEMONS} -eq $BS_TRUE ]; then echoinfo "Running ${DAEMONS_RUNNING_FUNC}()" echodebug "Waiting ${_SLEEP} seconds for processes to settle before checking for them" + # shellcheck disable=SC2086 sleep ${_SLEEP} # Sleep a little bit to let daemons start if ! ${DAEMONS_RUNNING_FUNC}; then echoerror "Failed to run ${DAEMONS_RUNNING_FUNC}()!!!" @@ -9746,7 +8004,7 @@ if [ "$DAEMONS_RUNNING_FUNC" != "null" ] && [ ${_START_DAEMONS} -eq $BS_TRUE ]; echodebug "Running salt-$fname by hand outputs: $(nohup salt-$fname -l debug)" - [ ! -f /var/log/salt/$fname ] && echodebug "/var/log/salt/$fname does not exist. Can't cat its contents!" && continue + [ ! -f "/var/log/salt/$fname" ] && echodebug "/var/log/salt/$fname does not exist. Can't cat its contents!" && continue echodebug "DAEMON LOGS for $fname:" echodebug "$(cat /var/log/salt/$fname)"