From c41e19ad0b301f1deae35365e62544e987045fdd Mon Sep 17 00:00:00 2001 From: Josh Patterson Date: Wed, 25 Oct 2023 11:01:13 -0400 Subject: [PATCH] Revert "Upgrade/salt3006.3" --- salt/common/tools/sbin/so-common | 75 +- salt/manager/tools/sbin/soup | 62 +- salt/salt/map.jinja | 2 +- salt/salt/master.defaults.yaml | 2 +- salt/salt/minion.defaults.yaml | 2 +- salt/salt/scripts/bootstrap-salt.sh | 2102 +++------------------------ setup/so-functions | 5 +- 7 files changed, 251 insertions(+), 1999 deletions(-) diff --git a/salt/common/tools/sbin/so-common b/salt/common/tools/sbin/so-common index 87f40c9d4..fc14e9d0a 100755 --- a/salt/common/tools/sbin/so-common +++ b/salt/common/tools/sbin/so-common @@ -152,18 +152,15 @@ check_salt_master_status() { return 0 } -# this is only intended to be used to check the status of the minion check_salt_minion_status() { - local minion="$1" - local timeout="${2:-5}" - local logfile="${3:-'/dev/stdout'}" - echo "Checking if the salt minion will respond to jobs" >> "$logfile" 2>&1 - salt "$minion" test.ping -t $timeout > /dev/null 2>&1 + local timeout="${1:-5}" + echo "Checking if the salt minion will respond to jobs" >> "$setup_log" 2>&1 + salt "$MINION_ID" test.ping -t $timeout > /dev/null 2>&1 local status=$? if [ $status -gt 0 ]; then - echo " Minion did not respond" >> "$logfile" 2>&1 + echo " Minion did not respond" >> "$setup_log" 2>&1 else - echo " Received job response from salt minion" >> "$logfile" 2>&1 + echo " Received job response from salt minion" >> "$setup_log" 2>&1 fi return $status @@ -443,24 +440,6 @@ run_check_net_err() { fi } -wait_for_salt_minion() { - local minion="$1" - local timeout="${2:-5}" - local logfile="${3:-'/dev/stdout'}" - retry 60 5 "journalctl -u salt-minion.service | grep 'Minion is ready to receive requests'" >> "$logfile" 2>&1 || fail - local attempt=0 - # each attempts would take about 15 seconds - local maxAttempts=20 - until check_salt_minion_status "$minion" "$timeout" "$logfile"; do - attempt=$((attempt+1)) - if [[ $attempt -eq $maxAttempts ]]; then - return 1 - fi - sleep 10 - done - return 0 -} - salt_minion_count() { local MINIONDIR="/opt/so/saltstack/local/pillar/minions" MINIONCOUNT=$(ls -la $MINIONDIR/*.sls | grep -v adv_ | wc -l) @@ -473,51 +452,19 @@ set_os() { OS=rocky OSVER=9 is_rocky=true - is_rpm=true elif grep -q "CentOS Stream release 9" /etc/redhat-release; then OS=centos OSVER=9 is_centos=true - is_rpm=true - elif grep -q "AlmaLinux release 9" /etc/redhat-release; then - OS=alma + elif grep -q "Oracle Linux Server release 9" /etc/system-release; then + OS=oel OSVER=9 - is_alma=true - is_rpm=true - elif grep -q "Red Hat Enterprise Linux release 9" /etc/redhat-release; then - if [ -f /etc/oracle-release ]; then - OS=oracle - OSVER=9 - is_oracle=true - is_rpm=true - else - OS=rhel - OSVER=9 - is_rhel=true - is_rpm=true - fi + is_oracle=true fi cron_service_name="crond" - elif [ -f /etc/os-release ]; then - if grep -q "UBUNTU_CODENAME=focal" /etc/os-release; then - OSVER=focal - UBVER=20.04 - OS=ubuntu - is_ubuntu=true - is_deb=true - elif grep -q "UBUNTU_CODENAME=jammy" /etc/os-release; then - OSVER=jammy - UBVER=22.04 - OS=ubuntu - is_ubuntu=true - is_deb=true - elif grep -q "VERSION_CODENAME=bookworm" /etc/os-release; then - OSVER=bookworm - DEBVER=12 - is_debian=true - OS=debian - is_deb=true - fi + else + OS=ubuntu + is_ubuntu=true cron_service_name="cron" fi } diff --git a/salt/manager/tools/sbin/soup b/salt/manager/tools/sbin/soup index dee39ac59..fc07765b8 100755 --- a/salt/manager/tools/sbin/soup +++ b/salt/manager/tools/sbin/soup @@ -460,6 +460,7 @@ stop_salt_master() { echo "" echo "Killing any queued Salt jobs on the manager." pkill -9 -ef "/usr/bin/python3 /bin/salt" >> $SOUP_LOG 2>&1 + set -e echo "" echo "Storing salt-master pid." @@ -467,7 +468,6 @@ stop_salt_master() { echo "Found salt-master PID $MASTERPID" systemctl_func "stop" "salt-master" timeout 30 tail --pid=$MASTERPID -f /dev/null || echo "salt-master still running at $(date +"%T.%6N") after waiting 30s. We cannot kill due to systemd restart option." - set -e } stop_salt_minion() { @@ -480,12 +480,14 @@ stop_salt_minion() { echo "" echo "Killing Salt jobs on this node." salt-call saltutil.kill_all_jobs --local + set -e echo "Storing salt-minion pid." MINIONPID=$(pgrep -f '/opt/saltstack/salt/bin/python3.10 /usr/bin/salt-minion' | head -1) echo "Found salt-minion PID $MINIONPID" systemctl_func "stop" "salt-minion" + set +e timeout 30 tail --pid=$MINIONPID -f /dev/null || echo "Killing salt-minion at $(date +"%T.%6N") after waiting 30s" && pkill -9 -ef /usr/bin/salt-minion set -e } @@ -618,7 +620,6 @@ upgrade_check_salt() { if [ "$INSTALLEDSALTVERSION" == "$NEWSALTVERSION" ]; then echo "You are already running the correct version of Salt for Security Onion." else - echo "Salt needs to be upgraded to $NEWSALTVERSION." UPGRADESALT=1 fi } @@ -627,48 +628,22 @@ upgrade_salt() { SALTUPGRADED=True echo "Performing upgrade of Salt from $INSTALLEDSALTVERSION to $NEWSALTVERSION." echo "" - # If rhel family - if [[ $is_rpm ]]; then + # If CentOS + if [[ $OS == 'centos' ]]; then echo "Removing yum versionlock for Salt." echo "" yum versionlock delete "salt-*" echo "Updating Salt packages." echo "" set +e - # if oracle run with -r to ignore repos set by bootstrap - if [[ $OS == 'oracle' ]]; then - run_check_net_err \ - "sh $UPDATE_DIR/salt/salt/scripts/bootstrap-salt.sh -X -r -F -M -x python3 stable \"$NEWSALTVERSION\"" \ - "Could not update salt, please check $SOUP_LOG for details." - # if another rhel family variant we want to run without -r to allow the bootstrap script to manage repos - else - run_check_net_err \ - "sh $UPDATE_DIR/salt/salt/scripts/bootstrap-salt.sh -X -F -M -x python3 stable \"$NEWSALTVERSION\"" \ - "Could not update salt, please check $SOUP_LOG for details." - fi + run_check_net_err \ + "sh $UPDATE_DIR/salt/salt/scripts/bootstrap-salt.sh -X -r -F -M -x python3 stable \"$NEWSALTVERSION\"" \ + "Could not update salt, please check $SOUP_LOG for details." set -e echo "Applying yum versionlock for Salt." echo "" yum versionlock add "salt-*" # Else do Ubuntu things - elif [[ $is_deb ]]; then - echo "Removing apt hold for Salt." - echo "" - apt-mark unhold "salt-common" - apt-mark unhold "salt-master" - apt-mark unhold "salt-minion" - echo "Updating Salt packages." - echo "" - set +e - run_check_net_err \ - "sh $UPDATE_DIR/salt/salt/scripts/bootstrap-salt.sh -X -F -M -x python3 stable \"$NEWSALTVERSION\"" \ - "Could not update salt, please check $SOUP_LOG for details." - set -e - echo "Applying apt hold for Salt." - echo "" - apt-mark hold "salt-common" - apt-mark hold "salt-master" - apt-mark hold "salt-minion" fi echo "Checking if Salt was upgraded." @@ -680,7 +655,7 @@ upgrade_salt() { echo "Once the issue is resolved, run soup again." echo "Exiting." echo "" - exit 1 + exit 0 else echo "Salt upgrade success." echo "" @@ -810,7 +785,7 @@ main() { if [[ $is_airgap -eq 0 ]]; then yum clean all check_os_updates - elif [[ $OS == 'oracle' ]]; then + elif [[ $OS == 'oel' ]]; then # sync remote repo down to local if not airgap repo_sync check_os_updates @@ -827,8 +802,7 @@ main() { echo "Hotfix applied" update_version enable_highstate - (wait_for_salt_minion "$MINIONID" "5" '/dev/stdout' || fail "Salt minion was not running or ready.") 2>&1 | tee -a "$SOUP_LOG" - highstate + salt-call state.highstate -l info queue=True else echo "" echo "Performing upgrade from Security Onion $INSTALLEDVERSION to Security Onion $NEWVERSION." @@ -864,14 +838,6 @@ main() { echo "Upgrading Salt" # Update the repo files so it can actually upgrade upgrade_salt - - # for Debian based distro, we need to stop salt again after upgrade output below is from bootstrap-salt - # * WARN: Not starting daemons on Debian based distributions - # is not working mostly because starting them is the default behaviour. - if [[ $is_deb ]]; then - stop_salt_minion - stop_salt_master - fi fi preupgrade_changes @@ -934,8 +900,7 @@ main() { echo "" echo "Running a highstate. This could take several minutes." set +e - (wait_for_salt_minion "$MINIONID" "5" '/dev/stdout' || fail "Salt minion was not running or ready.") 2>&1 | tee -a "$SOUP_LOG" - highstate + salt-call state.highstate -l info queue=True set -e stop_salt_master @@ -950,8 +915,7 @@ main() { set -e echo "Running a highstate to complete the Security Onion upgrade on this manager. This could take several minutes." - (wait_for_salt_minion "$MINIONID" "5" '/dev/stdout' || fail "Salt minion was not running or ready.") 2>&1 | tee -a "$SOUP_LOG" - highstate + salt-call state.highstate -l info queue=True postupgrade_changes [[ $is_airgap -eq 0 ]] && unmount_update diff --git a/salt/salt/map.jinja b/salt/salt/map.jinja index 131ff46ca..1120685fb 100644 --- a/salt/salt/map.jinja +++ b/salt/salt/map.jinja @@ -23,7 +23,7 @@ {% if grains.os|lower in ['Rocky', 'redhat', 'CentOS Stream'] %} {% set UPGRADECOMMAND = 'yum clean all ; /usr/sbin/bootstrap-salt.sh -s 120 -r -F -x python3 stable ' ~ SALTVERSION %} {% elif grains.os_family|lower == 'debian' %} - {% set UPGRADECOMMAND = '/usr/sbin/bootstrap-salt.sh -s 120 -F -x python3 stable ' ~ SALTVERSION %} + {% set UPGRADECOMMAND = '/usr/sbin/bootstrap-salt.sh -s 120 -r -F -x python3 stable ' ~ SALTVERSION %} {% endif %} {% else %} {% set UPGRADECOMMAND = 'echo Already running Salt Minion version ' ~ SALTVERSION %} diff --git a/salt/salt/master.defaults.yaml b/salt/salt/master.defaults.yaml index 40b6f5268..126039802 100644 --- a/salt/salt/master.defaults.yaml +++ b/salt/salt/master.defaults.yaml @@ -2,4 +2,4 @@ # When updating the salt version, also update the version in securityonion-builds/images/iso-task/Dockerfile and saltify function in so-functions salt: master: - version: 3006.3 + version: 3006.1 diff --git a/salt/salt/minion.defaults.yaml b/salt/salt/minion.defaults.yaml index 71fd18f96..7e1540d17 100644 --- a/salt/salt/minion.defaults.yaml +++ b/salt/salt/minion.defaults.yaml @@ -2,6 +2,6 @@ # When updating the salt version, also update the version in securityonion-builds/images/iso-task/Dockerfile and saltify function in so-functions salt: minion: - version: 3006.3 + version: 3006.1 check_threshold: 3600 # in seconds, threshold used for so-salt-minion-check. any value less than 600 seconds may cause a lot of salt-minion restarts since the job to touch the file occurs every 5-8 minutes by default service_start_delay: 30 # in seconds. diff --git a/salt/salt/scripts/bootstrap-salt.sh b/salt/salt/scripts/bootstrap-salt.sh index a016524e6..47d25949c 100644 --- a/salt/salt/scripts/bootstrap-salt.sh +++ b/salt/salt/scripts/bootstrap-salt.sh @@ -14,7 +14,7 @@ # # BUGS: https://github.com/saltstack/salt-bootstrap/issues # -# COPYRIGHT: (c) 2012-2022 by the SaltStack Team, see AUTHORS.rst for more +# COPYRIGHT: (c) 2012-2021 by the SaltStack Team, see AUTHORS.rst for more # details. # # LICENSE: Apache 2.0 @@ -23,7 +23,7 @@ #====================================================================================================================== set -o nounset # Treat unset variables as an error -__ScriptVersion="2023.08.03" +__ScriptVersion="2021.09.17" __ScriptName="bootstrap-salt.sh" __ScriptFullName="$0" @@ -224,6 +224,7 @@ _KEEP_TEMP_FILES=${BS_KEEP_TEMP_FILES:-$BS_FALSE} _TEMP_CONFIG_DIR="null" _SALTSTACK_REPO_URL="https://github.com/saltstack/salt.git" _SALT_REPO_URL=${_SALTSTACK_REPO_URL} +_DOWNSTREAM_PKG_REPO=$BS_FALSE _TEMP_KEYS_DIR="null" _SLEEP="${__DEFAULT_SLEEP}" _INSTALL_MASTER=$BS_FALSE @@ -267,8 +268,6 @@ _CUSTOM_MASTER_CONFIG="null" _CUSTOM_MINION_CONFIG="null" _QUIET_GIT_INSTALLATION=$BS_FALSE _REPO_URL="repo.saltproject.io" -_ONEDIR_DIR="salt" -_ONEDIR_NIGHTLY_DIR="salt-dev/${_ONEDIR_DIR}" _PY_EXE="python3" _INSTALL_PY="$BS_FALSE" _TORNADO_MAX_PY3_VERSION="5.0" @@ -276,9 +275,6 @@ _POST_NEON_INSTALL=$BS_FALSE _MINIMUM_PIP_VERSION="9.0.1" _MINIMUM_SETUPTOOLS_VERSION="9.1" _POST_NEON_PIP_INSTALL_ARGS="--prefix=/usr" -_PIP_DOWNLOAD_ARGS="" -_QUICK_START="$BS_FALSE" -_AUTO_ACCEPT_MINION_KEYS="$BS_FALSE" # Defaults for install arguments ITYPE="stable" @@ -294,130 +290,110 @@ __usage() { Usage : ${__ScriptName} [options] [install-type-args] Installation types: - - stable Install latest stable release. This is the default - install type - - stable [branch] Install latest version on a branch. Only supported - for packages available at repo.saltproject.io - - stable [version] Install a specific version. Only supported for - packages available at repo.saltproject.io - To pin a 3xxx minor version, specify it as 3xxx.0 - - testing RHEL-family specific: configure EPEL testing repo - - git Install from the head of the master branch - - git [ref] Install from any git ref (such as a branch, tag, or - commit) - - onedir Install latest onedir release. - - onedir [version] Install a specific version. Only supported for - onedir packages available at repo.saltproject.io - - - onedir_rc Install latest onedir RC release. - - onedir_rc [version] Install a specific version. Only supported for - onedir RC packages available at repo.saltproject.io - - old-stable Install latest old stable release. - - old-stable [branch] Install latest version on a branch. Only supported - for packages available at repo.saltproject.io - - old-stable [version] Install a specific version. Only supported for - packages available at repo.saltproject.io - To pin a 3xxx minor version, specify it as 3xxx.0 + - stable Install latest stable release. This is the default + install type + - stable [branch] Install latest version on a branch. Only supported + for packages available at repo.saltproject.io + - stable [version] Install a specific version. Only supported for + packages available at repo.saltproject.io + To pin a 3xxx minor version, specify it as 3xxx.0 + - testing RHEL-family specific: configure EPEL testing repo + - git Install from the head of the master branch + - git [ref] Install from any git ref (such as a branch, tag, or + commit) Examples: - ${__ScriptName} - ${__ScriptName} stable - - ${__ScriptName} stable 3006 - - ${__ScriptName} stable 3006.1 + - ${__ScriptName} stable 2017.7 + - ${__ScriptName} stable 2017.7.2 - ${__ScriptName} testing - ${__ScriptName} git - ${__ScriptName} git 2017.7 - ${__ScriptName} git v2017.7.2 - ${__ScriptName} git 06f249901a2e2f1ed310d58ea3921a129f214358 - - ${__ScriptName} onedir - - ${__ScriptName} onedir 3006 - - ${__ScriptName} onedir_rc - - ${__ScriptName} onedir_rc 3006 - - ${__ScriptName} old-stable - - ${__ScriptName} old-stable 3005 - - ${__ScriptName} old-stable 3005.1 - Options: - -a Pip install all Python pkg dependencies for Salt. Requires -V to install - all pip pkgs into the virtualenv. - (Only available for Ubuntu based distributions) - -A Pass the salt-master DNS name or IP. This will be stored under - \${BS_SALT_ETC_DIR}/minion.d/99-master-address.conf - -b Assume that dependencies are already installed and software sources are - set up. If git is selected, git tree is still checked out as dependency - step. + -h Display this message + -v Display script version + -n No colours + -D Show debug output -c Temporary configuration directory - -C Only run the configuration function. Implies -F (forced overwrite). - To overwrite Master or Syndic configs, -M or -S, respectively, must - also be specified. Salt installation will be ommitted, but some of the - dependencies could be installed to write configuration with -j or -J. + -g Salt Git repository URL. Default: ${_SALTSTACK_REPO_URL} + -w Install packages from downstream package repository rather than + upstream, saltstack package repository. This is currently only + implemented for SUSE. + -k Temporary directory holding the minion keys which will pre-seed + the master. + -s Sleep time used when waiting for daemons to start, restart and when + checking for the services running. Default: ${__DEFAULT_SLEEP} + -L Also install salt-cloud and required python-libcloud package + -M Also install salt-master + -S Also install salt-syndic + -N Do not install salt-minion + -X Do not start daemons after installation -d Disables checking if Salt services are enabled to start on system boot. You can also do this by touching /tmp/disable_salt_checks on the target host. Default: \${BS_FALSE} - -D Show debug output - -f Force shallow cloning for git installations. - This may result in an "n/a" in the version number. - -F Allow copied files to overwrite existing (config, init.d, etc) - -g Salt Git repository URL. Default: ${_SALTSTACK_REPO_URL} - -h Display this message - -H Use the specified HTTP proxy for all download URLs (including https://). - For example: http://myproxy.example.com:3128 - -i Pass the salt-minion id. This will be stored under - \${BS_SALT_ETC_DIR}/minion_id - -I If set, allow insecure connections while downloading any files. For - example, pass '--no-check-certificate' to 'wget' or '--insecure' to - 'curl'. On Debian and Ubuntu, using this option with -U allows obtaining - GnuPG archive keys insecurely if distro has changed release signatures. - -j Replace the Minion config file with data passed in as a JSON string. If - a Minion config file is found, a reasonable effort will be made to save - the file with a ".bak" extension. If used in conjunction with -C or -F, - no ".bak" file will be created as either of those options will force - a complete overwrite of the file. - -J Replace the Master config file with data passed in as a JSON string. If - a Master config file is found, a reasonable effort will be made to save - the file with a ".bak" extension. If used in conjunction with -C or -F, - no ".bak" file will be created as either of those options will force - a complete overwrite of the file. - -k Temporary directory holding the minion keys which will pre-seed - the master. - -K If set, keep the temporary files in the temporary directories specified - with -c and -k - -l Disable ssl checks. When passed, switches "https" calls to "http" where - possible. - -L Also install salt-cloud and required python-libcloud package - -M Also install salt-master - -n No colours - -N Do not install salt-minion - -p Extra-package to install while installing Salt dependencies. One package - per -p flag. You are responsible for providing the proper package name. -P Allow pip based installations. On some distributions the required salt packages or its dependencies are not available as a package for that distribution. Using this flag allows the script to use pip as a last resort method. NOTE: This only works for functions which actually implement pip based installations. - -q Quiet salt installation from git (setup.py install -q) - -Q Quickstart, install the Salt master and the Salt minion. - And automatically accept the minion key. + -U If set, fully upgrade the system prior to bootstrapping Salt + -I If set, allow insecure connections while downloading any files. For + example, pass '--no-check-certificate' to 'wget' or '--insecure' to + 'curl'. On Debian and Ubuntu, using this option with -U allows obtaining + GnuPG archive keys insecurely if distro has changed release signatures. + -F Allow copied files to overwrite existing (config, init.d, etc) + -K If set, keep the temporary files in the temporary directories specified + with -c and -k + -C Only run the configuration function. Implies -F (forced overwrite). + To overwrite Master or Syndic configs, -M or -S, respectively, must + also be specified. Salt installation will be ommitted, but some of the + dependencies could be installed to write configuration with -j or -J. + -A Pass the salt-master DNS name or IP. This will be stored under + \${BS_SALT_ETC_DIR}/minion.d/99-master-address.conf + -i Pass the salt-minion id. This will be stored under + \${BS_SALT_ETC_DIR}/minion_id + -p Extra-package to install while installing Salt dependencies. One package + per -p flag. You are responsible for providing the proper package name. + -H Use the specified HTTP proxy for all download URLs (including https://). + For example: http://myproxy.example.com:3128 + -b Assume that dependencies are already installed and software sources are + set up. If git is selected, git tree is still checked out as dependency + step. + -f Force shallow cloning for git installations. + This may result in an "n/a" in the version number. + -l Disable ssl checks. When passed, switches "https" calls to "http" where + possible. + -V Install Salt into virtualenv + (only available for Ubuntu based distributions) + -a Pip install all Python pkg dependencies for Salt. Requires -V to install + all pip pkgs into the virtualenv. + (Only available for Ubuntu based distributions) + -r Disable all repository configuration performed by this script. This + option assumes all necessary repository configuration is already present + on the system. -R Specify a custom repository URL. Assumes the custom repository URL points to a repository that mirrors Salt packages located at repo.saltproject.io. The option passed with -R replaces the "repo.saltproject.io". If -R is passed, -r is also set. Currently only - works on CentOS/RHEL and Debian based distributions and macOS. - -s Sleep time used when waiting for daemons to start, restart and when - checking for the services running. Default: ${__DEFAULT_SLEEP} - -S Also install salt-syndic - -r Disable all repository configuration performed by this script. This - option assumes all necessary repository configuration is already present - on the system. - -U If set, fully upgrade the system prior to bootstrapping Salt - -v Display script version - -V Install Salt into virtualenv - (only available for Ubuntu based distributions) + works on CentOS/RHEL and Debian based distributions. + -J Replace the Master config file with data passed in as a JSON string. If + a Master config file is found, a reasonable effort will be made to save + the file with a ".bak" extension. If used in conjunction with -C or -F, + no ".bak" file will be created as either of those options will force + a complete overwrite of the file. + -j Replace the Minion config file with data passed in as a JSON string. If + a Minion config file is found, a reasonable effort will be made to save + the file with a ".bak" extension. If used in conjunction with -C or -F, + no ".bak" file will be created as either of those options will force + a complete overwrite of the file. + -q Quiet salt installation from git (setup.py install -q) -x Changes the Python version used to install Salt. For CentOS 6 git installations python2.7 is supported. - Fedora git installation, CentOS 7, Ubuntu 18.04 support python3. - -X Do not start daemons after installation + Fedora git installation, CentOS 7, Debian 9, Ubuntu 16.04 and 18.04 support python3. -y Installs a different python version on host. Currently this has only been tested with CentOS 6 and is considered experimental. This will install the ius repo on the box if disable repo is false. This must be used in conjunction @@ -430,7 +406,7 @@ EOT } # ---------- end of function __usage ---------- -while getopts ':hvnDc:g:Gyx:k:s:MSNXCPFUKIA:i:Lp:dH:bflV:J:j:rR:aqQ' opt +while getopts ':hvnDc:g:Gyx:wk:s:MSNXCPFUKIA:i:Lp:dH:bflV:J:j:rR:aq' opt do case "${opt}" in @@ -446,6 +422,7 @@ do echowarn "No need to provide this option anymore, now it is a default behavior." ;; + w ) _DOWNSTREAM_PKG_REPO=$BS_TRUE ;; k ) _TEMP_KEYS_DIR="$OPTARG" ;; s ) _SLEEP=$OPTARG ;; M ) _INSTALL_MASTER=$BS_TRUE ;; @@ -474,7 +451,6 @@ do J ) _CUSTOM_MASTER_CONFIG=$OPTARG ;; j ) _CUSTOM_MINION_CONFIG=$OPTARG ;; q ) _QUIET_GIT_INSTALLATION=$BS_TRUE ;; - Q ) _QUICK_START=$BS_TRUE ;; x ) _PY_EXE="$OPTARG" ;; y ) _INSTALL_PY="$BS_TRUE" ;; @@ -596,7 +572,7 @@ fi echoinfo "Running version: ${__ScriptVersion}" echoinfo "Executed by: ${CALLER}" echoinfo "Command line: '${__ScriptFullName} ${__ScriptArgs}'" -echowarn "Running the unstable version of ${__ScriptName}" +#echowarn "Running the unstable version of ${__ScriptName}" # Define installation type if [ "$#" -gt 0 ];then @@ -606,17 +582,11 @@ if [ "$#" -gt 0 ];then fi # Check installation type -if [ "$(echo "$ITYPE" | grep -E '(stable|testing|git|onedir|onedir_rc|old-stable)')" = "" ]; then +if [ "$(echo "$ITYPE" | grep -E '(stable|testing|git)')" = "" ]; then echoerror "Installation type \"$ITYPE\" is not known..." exit 1 fi -# Due to our modifications to install_centos_onedir it is easiest to just lock down to only allowing stable install -if [ "$(echo "$ITYPE" | grep stable)" = "" ]; then - echoerror "This script has been modified to only support stable installation type. Installation type \"$ITYPE\" is not allowed..." - exit 1 -fi - # If doing a git install, check what branch/tag/sha will be checked out if [ "$ITYPE" = "git" ]; then if [ "$#" -eq 0 ];then @@ -632,123 +602,23 @@ if [ "$ITYPE" = "git" ]; then # If doing stable install, check if version specified elif [ "$ITYPE" = "stable" ]; then if [ "$#" -eq 0 ];then - ONEDIR_REV="latest" - _ONEDIR_REV="latest" - ITYPE="onedir" + STABLE_REV="latest" else - if [ "$(echo "$1" | grep -E '^(nightly|latest|3005|3006)$')" != "" ]; then - ONEDIR_REV="$1" - _ONEDIR_REV="$1" - ITYPE="onedir" - shift - elif [ "$(echo "$1" | grep -E '^([3-9][0-5]{2}[5-9](\.[0-9]*)?)')" != "" ]; then - ONEDIR_REV="minor/$1" - _ONEDIR_REV="$1" - ITYPE="onedir" - shift - else - echo "Unknown stable version: $1 (valid: 3005, 3006, latest)" - exit 1 - fi - fi - -# If doing old-stable install, check if version specified -elif [ "$ITYPE" = "old-stable" ]; then - if [ "$#" -eq 0 ];then - ITYPE="stable" - else - if [ "$(echo "$1" | grep -E '^(3003|3004|3005)$')" != "" ]; then + if [ "$(echo "$1" | grep -E '^(latest|1\.6|1\.7|2014\.1|2014\.7|2015\.5|2015\.8|2016\.3|2016\.11|2017\.7|2018\.3|2019\.2|3000|3001|3002|3003|3004)$')" != "" ]; then STABLE_REV="$1" - ITYPE="stable" shift - elif [ "$(echo "$1" | grep -E '^([3-9][0-5]{3}(\.[0-9]*)?)$')" != "" ]; then + elif [ "$(echo "$1" | grep -E '^(2[0-9]*\.[0-9]*\.[0-9]*|[3-9][0-9]{3}(\.[0-9]*)?)$')" != "" ]; then # Handle the 3xxx.0 version as 3xxx archive (pin to minor) and strip the fake ".0" suffix - ITYPE="stable" STABLE_REV=$(echo "$1" | sed -E 's/^([3-9][0-9]{3})\.0$/\1/') if [ "$(uname)" != "Darwin" ]; then STABLE_REV="archive/$STABLE_REV" fi shift else - echo "Unknown old stable version: $1 (valid: 3003, 3004, 3005)" + echo "Unknown stable version: $1 (valid: 1.6, 1.7, 2014.1, 2014.7, 2015.5, 2015.8, 2016.3, 2016.11, 2017.7, 2018.3, 2019.2, 3000, 3001, 3002, 3003, 3004, latest, \$MAJOR.\$MINOR.\$PATCH until 2019.2, \$MAJOR or \$MAJOR.\$PATCH starting from 3000)" exit 1 fi fi - -elif [ "$ITYPE" = "onedir" ]; then - if [ "$#" -eq 0 ];then - ONEDIR_REV="latest" - else - if [ "$(echo "$1" | grep -E '^(nightly|latest|3005|3006)$')" != "" ]; then - ONEDIR_REV="$1" - shift - elif [ "$(echo "$1" | grep -E '^(3005(\.[0-9]*)?)')" != "" ]; then - # Handle the 3005.0 version as 3005 archive (pin to minor) and strip the fake ".0" suffix - ONEDIR_REV=$(echo "$1" | sed -E 's/^(3005)\.0$/\1/') - ONEDIR_REV="minor/$ONEDIR_REV" - shift - elif [ "$(echo "$1" | grep -E '^([3-9][0-9]{3}(\.[0-9]*)?)')" != "" ]; then - ONEDIR_REV="minor/$1" - shift - else - echo "Unknown onedir version: $1 (valid: 3005, 3006, latest, nightly.)" - exit 1 - fi - fi - -elif [ "$ITYPE" = "onedir_rc" ]; then - # Change the _ONEDIR_DIR to be the location for the RC packages - _ONEDIR_DIR="salt_rc/salt" - - # Change ITYPE to onedir so we use the regular onedir functions - ITYPE="onedir" - - if [ "$#" -eq 0 ];then - ONEDIR_REV="latest" - else - if [ "$(echo "$1" | grep -E '^(latest)$')" != "" ]; then - ONEDIR_REV="$1" - shift - elif [ "$(echo "$1" | grep -E '^([3-9][0-9]{3}?rc[0-9]-[0-9]$)')" != "" ]; then - # Handle the 3xxx.0 version as 3xxx archive (pin to minor) and strip the fake ".0" suffix - #ONEDIR_REV=$(echo "$1" | sed -E 's/^([3-9][0-9]{3})\.0$/\1/') - ONEDIR_REV="minor/$1" - shift - elif [ "$(echo "$1" | grep -E '^([3-9][0-9]{3}\.[0-9]?rc[0-9]$)')" != "" ]; then - # Handle the 3xxx.0 version as 3xxx archive (pin to minor) and strip the fake ".0" suffix - #ONEDIR_REV=$(echo "$1" | sed -E 's/^([3-9][0-9]{3})\.0$/\1/') - ONEDIR_REV="minor/$1" - shift - else - echo "Unknown onedir_rc version: $1 (valid: 3005-1, latest.)" - exit 1 - fi - fi -fi - -# Doing a quick start, so install master -# set master address to 127.0.0.1 -if [ "$_QUICK_START" -eq "$BS_TRUE" ]; then - # make install type is stable - ITYPE="stable" - - # make sure the revision is latest - STABLE_REV="latest" - ONEDIR_REV="latest" - - # make sure we're installing the master - _INSTALL_MASTER=$BS_TRUE - - # override incase install minion - # is set to false - _INSTALL_MINION=$BS_TRUE - - # Set master address to loopback IP - _SALT_MASTER_ADDRESS="127.0.0.1" - - # Auto accept the minion key - # when the install is done. - _AUTO_ACCEPT_MINION_KEYS=$BS_TRUE fi # Check for any unparsed arguments. Should be an error. @@ -954,18 +824,6 @@ __fetch_verify() { return 1 } -#--- FUNCTION ------------------------------------------------------------------------------------------------------- -# NAME: __check_url_exists -# DESCRIPTION: Checks if a URL exists -#---------------------------------------------------------------------------------------------------------------------- -__check_url_exists() { - _URL="$1" - if curl --output /dev/null --silent --fail "${_URL}"; then - return 0 - else - return 1 - fi -} #--- FUNCTION ------------------------------------------------------------------------------------------------------- # NAME: __gather_hardware_info # DESCRIPTION: Discover hardware information @@ -1087,7 +945,7 @@ __strip_duplicates() { __sort_release_files() { KNOWN_RELEASE_FILES=$(echo "(arch|alpine|centos|debian|ubuntu|fedora|redhat|suse|\ mandrake|mandriva|gentoo|slackware|turbolinux|unitedlinux|void|lsb|system|\ - oracle|os|almalinux|rocky)(-|_)(release|version)" | sed -E 's:[[:space:]]::g') + oracle|os)(-|_)(release|version)" | sed -E 's:[[:space:]]::g') primary_release_files="" secondary_release_files="" # Sort know VS un-known files first @@ -1101,7 +959,7 @@ __sort_release_files() { done # Now let's sort by know files importance, max important goes last in the max_prio list - max_prio="redhat-release centos-release oracle-release fedora-release almalinux-release rocky-release" + max_prio="redhat-release centos-release oracle-release fedora-release" for entry in $max_prio; do if [ "$(echo "${primary_release_files}" | grep "$entry")" != "" ]; then primary_release_files=$(echo "${primary_release_files}" | sed -e "s:\\(.*\\)\\($entry\\)\\(.*\\):\\2 \\1 \\3:g") @@ -1170,8 +1028,6 @@ __gather_linux_system_info() { elif [ "${DISTRO_NAME}" = "Arch" ]; then DISTRO_NAME="Arch Linux" return - elif [ "${DISTRO_NAME}" = "Rocky" ]; then - DISTRO_NAME="Rocky Linux" fi rv=$(lsb_release -sr) [ "${rv}" != "" ] && DISTRO_VERSION=$(__parse_version_string "$rv") @@ -1230,8 +1086,6 @@ __gather_linux_system_info() { unitedlinux ) n="UnitedLinux" ;; void ) n="VoidLinux" ;; oracle ) n="Oracle Linux" ;; - almalinux ) n="AlmaLinux" ;; - rocky ) n="Rocky Linux" ;; system ) while read -r line; do [ "${n}x" != "systemx" ] && break @@ -1454,7 +1308,7 @@ __gather_system_info() { #---------------------------------------------------------------------------------------------------------------------- # shellcheck disable=SC2034 __ubuntu_derivatives_translation() { - UBUNTU_DERIVATIVES="(trisquel|linuxmint|linaro|elementary_os|neon|pop)" + UBUNTU_DERIVATIVES="(trisquel|linuxmint|linaro|elementary_os|neon)" # Mappings trisquel_6_ubuntu_base="12.04" linuxmint_13_ubuntu_base="12.04" @@ -1467,8 +1321,6 @@ __ubuntu_derivatives_translation() { neon_16_ubuntu_base="16.04" neon_18_ubuntu_base="18.04" neon_20_ubuntu_base="20.04" - neon_22_ubuntu_base="22.04" - pop_22_ubuntu_base="22.04" # Translate Ubuntu derivatives to their base Ubuntu version match=$(echo "$DISTRO_NAME_L" | grep -E ${UBUNTU_DERIVATIVES}) @@ -1528,13 +1380,9 @@ __check_dpkg_architecture() { if [ "$_CUSTOM_REPO_URL" != "null" ]; then warn_msg="Support for arm64 is experimental, make sure the custom repository used has the expected structure and contents." else - # Saltstack official repository has arm64 metadata beginning with Debian 11, - # use amd64 repositories on arm64 for anything older, since all pkgs are arch-independent - if [ "$DISTRO_NAME_L" = "debian" ] && [ "$DISTRO_MAJOR_VERSION" -lt 11 ]; then - __REPO_ARCH="amd64" - else - __REPO_ARCH="arm64" - fi + # Saltstack official repository does not yet have arm64 metadata, + # use amd64 repositories on arm64, since all pkgs are arch-independent + __REPO_ARCH="amd64" __REPO_ARCH_DEB="deb [signed-by=/usr/share/keyrings/salt-archive-keyring.gpg arch=$__REPO_ARCH]" warn_msg="Support for arm64 packages is experimental and might rely on architecture-independent packages from the amd64 repository." fi @@ -1614,9 +1462,6 @@ __ubuntu_codename_translation() { "21") DISTRO_CODENAME="hirsute" ;; - "22") - DISTRO_CODENAME="jammy" - ;; *) DISTRO_CODENAME="trusty" ;; @@ -1643,12 +1488,10 @@ __debian_derivatives_translation() { devuan_1_debian_base="8.0" devuan_2_debian_base="9.0" kali_1_debian_base="7.0" - kali_2021_debian_base="10.0" linuxmint_1_debian_base="8.0" raspbian_8_debian_base="8.0" raspbian_9_debian_base="9.0" raspbian_10_debian_base="10.0" - raspbian_11_debian_base="11.0" bunsenlabs_9_debian_base="9.0" turnkey_9_debian_base="9.0" @@ -1716,14 +1559,6 @@ __debian_codename_translation() { "11") DISTRO_CODENAME="bullseye" ;; - "12") - DISTRO_CODENAME="bookworm" - # FIXME - TEMPORARY - # use bullseye packages until bookworm packages are available - DISTRO_CODENAME="bullseye" - DISTRO_MAJOR_VERSION=11 - rv=11 - ;; *) DISTRO_CODENAME="stretch" ;; @@ -1755,13 +1590,11 @@ __check_end_of_life_versions() { # = 17.04, 17.10 # = 18.10 # = 19.04, 19.10 - # = 20.10 if [ "$DISTRO_MAJOR_VERSION" -lt 16 ] || \ [ "$DISTRO_MAJOR_VERSION" -eq 17 ] || \ [ "$DISTRO_MAJOR_VERSION" -eq 19 ] || \ { [ "$DISTRO_MAJOR_VERSION" -eq 16 ] && [ "$DISTRO_MINOR_VERSION" -eq 10 ]; } || \ - { [ "$DISTRO_MAJOR_VERSION" -eq 18 ] && [ "$DISTRO_MINOR_VERSION" -eq 10 ]; } || \ - { [ "$DISTRO_MAJOR_VERSION" -eq 20 ] && [ "$DISTRO_MINOR_VERSION" -eq 10 ]; }; then + { [ "$DISTRO_MAJOR_VERSION" -eq 18 ] && [ "$DISTRO_MINOR_VERSION" -eq 10 ]; }; then echoerror "End of life distributions are not supported." echoerror "Please consider upgrading to the next stable. See:" echoerror " https://wiki.ubuntu.com/Releases" @@ -1979,14 +1812,14 @@ elif [ "${DISTRO_NAME_L}" = "debian" ]; then __debian_codename_translation fi -if [ "$(echo "${DISTRO_NAME_L}" | grep -E '(debian|ubuntu|centos|gentoo|red_hat|oracle|scientific|amazon|fedora|macosx|almalinux|rocky)')" = "" ] && [ "$ITYPE" = "stable" ] && [ "$STABLE_REV" != "latest" ]; then +if [ "$(echo "${DISTRO_NAME_L}" | grep -E '(debian|ubuntu|centos|gentoo|red_hat|oracle|scientific|amazon|fedora|macosx)')" = "" ] && [ "$ITYPE" = "stable" ] && [ "$STABLE_REV" != "latest" ]; then echoerror "${DISTRO_NAME} does not have major version pegged packages support" exit 1 fi # Only RedHat based distros have testing support if [ "${ITYPE}" = "testing" ]; then - if [ "$(echo "${DISTRO_NAME_L}" | grep -E '(centos|red_hat|amazon|oracle|almalinux|rocky)')" = "" ]; then + if [ "$(echo "${DISTRO_NAME_L}" | grep -E '(centos|red_hat|amazon|oracle)')" = "" ]; then echoerror "${DISTRO_NAME} does not have testing packages support" exit 1 fi @@ -2017,6 +1850,10 @@ if [ "$ITYPE" = "git" ]; then if [ "$__NEW_VS_TAG_REGEX_MATCH" = "MATCH" ]; then _POST_NEON_INSTALL=$BS_TRUE __TAG_REGEX_MATCH="${__NEW_VS_TAG_REGEX_MATCH}" + if [ "$(echo "${GIT_REV}" | cut -c -1)" != "v" ]; then + # We do this to properly clone tags + GIT_REV="v${GIT_REV}" + fi echodebug "Post Neon Tag Regex Match On: ${GIT_REV}" else __TAG_REGEX_MATCH=$(echo "${GIT_REV}" | sed -E 's/^(v?[0-9]{1,4}\.[0-9]{1,2})(\.[0-9]{1,2})?.*$/MATCH/') @@ -2028,6 +1865,10 @@ if [ "$ITYPE" = "git" ]; then if [ "$__NEW_VS_TAG_REGEX_MATCH" = "MATCH" ]; then _POST_NEON_INSTALL=$BS_TRUE __TAG_REGEX_MATCH="${__NEW_VS_TAG_REGEX_MATCH}" + if [ "$(echo "${GIT_REV}" | cut -c -1)" != "v" ]; then + # We do this to properly clone tags + GIT_REV="v${GIT_REV}" + fi echodebug "Post Neon Tag Regex Match On: ${GIT_REV}" else __TAG_REGEX_MATCH=$(echo "${GIT_REV}" | sed 's/^.*\(v\?[[:digit:]]\{1,4\}\.[[:digit:]]\{1,2\}\)\(\.[[:digit:]]\{1,2\}\)\?.*$/MATCH/') @@ -2190,13 +2031,20 @@ __rpm_import_gpg() { #---------------------------------------------------------------------------------------------------------------------- __yum_install_noinput() { + ENABLE_EPEL_CMD="" + # Skip Amazon Linux for the first round, since EPEL is no longer required. + # See issue #724 + if [ $_DISABLE_REPOS -eq $BS_FALSE ] && [ "$DISTRO_NAME_L" != "amazon_linux_ami" ]; then + ENABLE_EPEL_CMD="--enablerepo=${_EPEL_REPO}" + fi + if [ "$DISTRO_NAME_L" = "oracle_linux" ]; then # We need to install one package at a time because --enablerepo=X disables ALL OTHER REPOS!!!! for package in "${@}"; do - yum -y install "${package}" || yum -y install "${package}" || return $? + yum -y install "${package}" || yum -y install "${package}" ${ENABLE_EPEL_CMD} || return $? done else - yum -y install "${@}" || return $? + yum -y install "${@}" ${ENABLE_EPEL_CMD} || return $? fi } # ---------- end of function __yum_install_noinput ---------- @@ -2209,15 +2057,6 @@ __dnf_install_noinput() { dnf -y install "${@}" || return $? } # ---------- end of function __dnf_install_noinput ---------- -#--- FUNCTION ------------------------------------------------------------------------------------------------------- -# NAME: __tdnf_install_noinput -# DESCRIPTION: (DRY) tdnf install with noinput options -#---------------------------------------------------------------------------------------------------------------------- -__tdnf_install_noinput() { - - tdnf -y install "${@}" || return $? -} # ---------- end of function __tdnf_install_noinput ---------- - #--- FUNCTION ------------------------------------------------------------------------------------------------------- # NAME: __git_clone_and_checkout # DESCRIPTION: (DRY) Helper function to clone and checkout salt to a @@ -2743,7 +2582,7 @@ __activate_virtualenv() { # NAME: __install_pip_pkgs # DESCRIPTION: Return 0 or 1 if successfully able to install pip packages. Can provide a different python version to # install pip packages with. If $py_ver is not specified it will use the default python version. -# PARAMETERS: pkgs, py_ver, upgrade +# PARAMETERS: pkgs, py_ver #---------------------------------------------------------------------------------------------------------------------- __install_pip_pkgs() { @@ -2912,15 +2751,15 @@ EOM fi echodebug "Running '${_pip_cmd} install wheel ${_setuptools_dep}'" - ${_pip_cmd} install --upgrade ${_POST_NEON_PIP_INSTALL_ARGS} wheel "${_setuptools_dep}" + ${_pip_cmd} install ${_POST_NEON_PIP_INSTALL_ARGS} wheel "${_setuptools_dep}" echoinfo "Installing salt using ${_py_exe}" cd "${_SALT_GIT_CHECKOUT_DIR}" || return 1 mkdir /tmp/git/deps echoinfo "Downloading Salt Dependencies from PyPi" - echodebug "Running '${_pip_cmd} download -d /tmp/git/deps ${_PIP_DOWNLOAD_ARGS} .'" - ${_pip_cmd} download -d /tmp/git/deps ${_PIP_DOWNLOAD_ARGS} . || (echo "Failed to download salt dependencies" && return 1) + echodebug "Running '${_pip_cmd} download -d /tmp/git/deps .'" + ${_pip_cmd} download -d /tmp/git/deps . || (echo "Failed to download salt dependencies" && return 1) echoinfo "Installing Downloaded Salt Dependencies" echodebug "Running '${_pip_cmd} install --ignore-installed ${_POST_NEON_PIP_INSTALL_ARGS} /tmp/git/deps/*'" @@ -3079,8 +2918,7 @@ __enable_universe_repository() { __install_saltstack_ubuntu_repository() { # Workaround for latest non-LTS Ubuntu if { [ "$DISTRO_MAJOR_VERSION" -eq 20 ] && [ "$DISTRO_MINOR_VERSION" -eq 10 ]; } || \ - # remove 22 version when salt packages for 22.04 are available - [ "$DISTRO_MAJOR_VERSION" -eq 21 ] || [ "$DISTRO_MAJOR_VERSION" -eq 22 ]; then + { [ "$DISTRO_MAJOR_VERSION" -eq 21 ] && [ "$DISTRO_MINOR_VERSION" -eq 04 ]; }; then echowarn "Non-LTS Ubuntu detected, but stable packages requested. Trying packages for previous LTS release. You may experience problems." UBUNTU_VERSION=20.04 UBUNTU_CODENAME="focal" @@ -3119,58 +2957,6 @@ __install_saltstack_ubuntu_repository() { __wait_for_apt apt-get update || return 1 } -__install_saltstack_ubuntu_onedir_repository() { - # Workaround for latest non-LTS Ubuntu - if { [ "$DISTRO_MAJOR_VERSION" -eq 20 ] && [ "$DISTRO_MINOR_VERSION" -eq 10 ]; } || \ - [ "$DISTRO_MAJOR_VERSION" -eq 21 ]; then - echowarn "Non-LTS Ubuntu detected, but stable packages requested. Trying packages for previous LTS release. You may experience problems." - UBUNTU_VERSION=20.04 - UBUNTU_CODENAME="focal" - else - UBUNTU_VERSION=${DISTRO_VERSION} - UBUNTU_CODENAME=${DISTRO_CODENAME} - fi - - # Install downloader backend for GPG keys fetching - __PACKAGES='wget' - - # Required as it is not installed by default on Ubuntu 18+ - if [ "$DISTRO_MAJOR_VERSION" -ge 18 ]; then - __PACKAGES="${__PACKAGES} gnupg" - fi - - # Make sure https transport is available - if [ "$HTTP_VAL" = "https" ] ; then - __PACKAGES="${__PACKAGES} apt-transport-https ca-certificates" - fi - - # shellcheck disable=SC2086,SC2090 - __apt_get_install_noinput ${__PACKAGES} || return 1 - - __PY_VERSION_REPO="apt" - if [ -n "$_PY_EXE" ] && [ "$_PY_MAJOR_VERSION" -eq 3 ]; then - __PY_VERSION_REPO="py3" - fi - - # SaltStack's stable Ubuntu repository: - SALTSTACK_UBUNTU_URL="${HTTP_VAL}://${_REPO_URL}/${_ONEDIR_DIR}/${__PY_VERSION_REPO}/ubuntu/${UBUNTU_VERSION}/${__REPO_ARCH}/${ONEDIR_REV}/" - if [ "${ONEDIR_REV}" = "nightly" ] ; then - SALTSTACK_UBUNTU_URL="${HTTP_VAL}://${_REPO_URL}/${_ONEDIR_NIGHTLY_DIR}/${__PY_VERSION_REPO}/ubuntu/${UBUNTU_VERSION}/${__REPO_ARCH}/" - fi - echo "$__REPO_ARCH_DEB $SALTSTACK_UBUNTU_URL $UBUNTU_CODENAME main" > /etc/apt/sources.list.d/salt.list - - if [ "$(echo "${ONEDIR_REV}" | grep -E '(3004|3005)')" != "" ]; then - __apt_key_fetch "${SALTSTACK_UBUNTU_URL}salt-archive-keyring.gpg" || return 1 - elif [ "$(echo "${ONEDIR_REV}" | grep -E '(latest|nightly)')" != "" ]; then - __apt_key_fetch "${SALTSTACK_UBUNTU_URL}salt-archive-keyring.gpg" || \ - __apt_key_fetch "${SALTSTACK_UBUNTU_URL}SALT-PROJECT-GPG-PUBKEY-2023.gpg" || return 1 - else - __apt_key_fetch "${SALTSTACK_UBUNTU_URL}SALT-PROJECT-GPG-PUBKEY-2023.gpg" || return 1 - fi - - __wait_for_apt apt-get update || return 1 -} - install_ubuntu_deps() { if [ $_DISABLE_REPOS -eq $BS_FALSE ]; then # Install add-apt-repository @@ -3246,7 +3032,7 @@ install_ubuntu_stable_deps() { if [ "${_UPGRADE_SYS}" -eq $BS_TRUE ]; then if [ "${_INSECURE_DL}" -eq $BS_TRUE ]; then - if [ "$DISTRO_MAJOR_VERSION" -ge 20 ] || [ "$DISTRO_MAJOR_VERSION" -ge 21 ] || [ "$DISTRO_MAJOR_VERSION" -ge 22 ]; then + if [ "$DISTRO_MAJOR_VERSION" -ge 20 ] || [ "$DISTRO_MAJOR_VERSION" -ge 21 ]; then __apt_get_install_noinput --allow-unauthenticated debian-archive-keyring && apt-get update || return 1 else __apt_get_install_noinput --allow-unauthenticated debian-archive-keyring && @@ -3327,9 +3113,6 @@ install_ubuntu_git_deps() { fi else __PACKAGES="python${PY_PKG_VER}-dev python${PY_PKG_VER}-pip python${PY_PKG_VER}-setuptools gcc" - if [ "$DISTRO_MAJOR_VERSION" -ge 22 ]; then - __PACKAGES="${__PACKAGES} g++" - fi # shellcheck disable=SC2086 __apt_get_install_noinput ${__PACKAGES} || return 1 fi @@ -3343,44 +3126,6 @@ install_ubuntu_git_deps() { return 0 } -install_ubuntu_onedir_deps() { - if [ "${_SLEEP}" -eq "${__DEFAULT_SLEEP}" ] && [ "$DISTRO_MAJOR_VERSION" -lt 16 ]; then - # The user did not pass a custom sleep value as an argument, let's increase the default value - echodebug "On Ubuntu systems we increase the default sleep value to 10." - echodebug "See https://github.com/saltstack/salt/issues/12248 for more info." - _SLEEP=10 - fi - - if [ $_START_DAEMONS -eq $BS_FALSE ]; then - echowarn "Not starting daemons on Debian based distributions is not working mostly because starting them is the default behaviour." - fi - - # No user interaction, libc6 restart services for example - export DEBIAN_FRONTEND=noninteractive - - __wait_for_apt apt-get update || return 1 - - if [ "${_UPGRADE_SYS}" -eq $BS_TRUE ]; then - if [ "${_INSECURE_DL}" -eq $BS_TRUE ]; then - if [ "$DISTRO_MAJOR_VERSION" -ge 20 ] || [ "$DISTRO_MAJOR_VERSION" -ge 21 ]; then - __apt_get_install_noinput --allow-unauthenticated debian-archive-keyring && apt-get update || return 1 - else - __apt_get_install_noinput --allow-unauthenticated debian-archive-keyring && - apt-key update && apt-get update || return 1 - fi - fi - - __apt_get_upgrade_noinput || return 1 - fi - - if [ "$_DISABLE_REPOS" -eq "$BS_FALSE" ] || [ "$_CUSTOM_REPO_URL" != "null" ]; then - __check_dpkg_architecture || return 1 - __install_saltstack_ubuntu_onedir_repository || return 1 - fi - - install_ubuntu_deps || return 1 -} - install_ubuntu_stable() { __PACKAGES="" @@ -3425,15 +3170,7 @@ install_ubuntu_git() { _POST_NEON_PIP_INSTALL_ARGS="" __install_salt_from_repo_post_neon "${_PY_EXE}" || return 1 cd "${_SALT_GIT_CHECKOUT_DIR}" || return 1 - - # Account for new path for services files in later releases - if [ -d "pkg/common" ]; then - _SERVICE_DIR="pkg/common" - else - _SERVICE_DIR="pkg" - fi - - sed -i 's:/usr/bin:/usr/local/bin:g' ${_SERVICE_DIR}/*.service + sed -i 's:/usr/bin:/usr/local/bin:g' pkg/*.service return 0 fi @@ -3448,28 +3185,6 @@ install_ubuntu_git() { return 0 } -install_ubuntu_onedir() { - __PACKAGES="" - - if [ "$_INSTALL_CLOUD" -eq $BS_TRUE ];then - __PACKAGES="${__PACKAGES} salt-cloud" - fi - if [ "$_INSTALL_MASTER" -eq $BS_TRUE ]; then - __PACKAGES="${__PACKAGES} salt-master" - fi - if [ "$_INSTALL_MINION" -eq $BS_TRUE ]; then - __PACKAGES="${__PACKAGES} salt-minion" - fi - if [ "$_INSTALL_SYNDIC" -eq $BS_TRUE ]; then - __PACKAGES="${__PACKAGES} salt-syndic" - fi - - # shellcheck disable=SC2086 - __apt_get_install_noinput ${__PACKAGES} || return 1 - - return 0 -} - install_ubuntu_stable_post() { for fname in api master minion syndic; do # Skip salt-api since the service should be opt-in and not necessarily started on boot @@ -3505,15 +3220,8 @@ install_ubuntu_git_post() { [ $fname = "minion" ] && [ "$_INSTALL_MINION" -eq $BS_FALSE ] && continue [ $fname = "syndic" ] && [ "$_INSTALL_SYNDIC" -eq $BS_FALSE ] && continue - # Account for new path for services files in later releases - if [ -f "${_SALT_GIT_CHECKOUT_DIR}/pkg/common/salt-${fname}.service" ]; then - _SERVICE_DIR="${_SALT_GIT_CHECKOUT_DIR}/pkg/common" - else - _SERVICE_DIR="${_SALT_GIT_CHECKOUT_DIR}/pkg" - fi - if [ -f /bin/systemctl ] && [ "$DISTRO_MAJOR_VERSION" -ge 16 ]; then - __copyfile "${_SERVICE_DIR}/salt-${fname}.service" "/lib/systemd/system/salt-${fname}.service" + __copyfile "${_SALT_GIT_CHECKOUT_DIR}/pkg/salt-${fname}.service" "/lib/systemd/system/salt-${fname}.service" # Skip salt-api since the service should be opt-in and not necessarily started on boot [ $fname = "api" ] && continue @@ -3528,8 +3236,8 @@ install_ubuntu_git_post() { if [ ! -f $_upstart_conf ]; then # upstart does not know about our service, let's copy the proper file echowarn "Upstart does not appear to know about salt-$fname" - echodebug "Copying ${_SERVICE_DIR}/salt-$fname.upstart to $_upstart_conf" - __copyfile "${_SERVICE_DIR}/salt-${fname}.upstart" "$_upstart_conf" + echodebug "Copying ${_SALT_GIT_CHECKOUT_DIR}/pkg/salt-$fname.upstart to $_upstart_conf" + __copyfile "${_SALT_GIT_CHECKOUT_DIR}/pkg/salt-${fname}.upstart" "$_upstart_conf" # Set service to know about virtualenv if [ "${_VIRTUALENV_DIR}" != "null" ]; then echo "SALT_USE_VIRTUALENV=${_VIRTUALENV_DIR}" > /etc/default/salt-${fname} @@ -3641,8 +3349,17 @@ install_ubuntu_check_services() { # Debian Install Functions # __install_saltstack_debian_repository() { - DEBIAN_RELEASE="$DISTRO_MAJOR_VERSION" - DEBIAN_CODENAME="$DISTRO_CODENAME" + if [ "$DISTRO_MAJOR_VERSION" -eq 11 ]; then + # Packages for Debian 11 at repo.saltproject.io are not yet available + # Set up repository for Debian 10 for Debian 11 for now until support + # is available at repo.saltproject.io for Debian 11. + echowarn "Debian 11 distribution detected, but stable packages requested. Trying packages from Debian 10. You may experience problems." + DEBIAN_RELEASE="10" + DEBIAN_CODENAME="buster" + else + DEBIAN_RELEASE="$DISTRO_MAJOR_VERSION" + DEBIAN_CODENAME="$DISTRO_CODENAME" + fi __PY_VERSION_REPO="apt" if [ -n "$_PY_EXE" ] && [ "$_PY_MAJOR_VERSION" -eq 3 ]; then @@ -3674,50 +3391,6 @@ __install_saltstack_debian_repository() { __wait_for_apt apt-get update || return 1 } -__install_saltstack_debian_onedir_repository() { - DEBIAN_RELEASE="$DISTRO_MAJOR_VERSION" - DEBIAN_CODENAME="$DISTRO_CODENAME" - - __PY_VERSION_REPO="apt" - if [ -n "$_PY_EXE" ] && [ "$_PY_MAJOR_VERSION" -eq 3 ]; then - __PY_VERSION_REPO="py3" - fi - - # Install downloader backend for GPG keys fetching - __PACKAGES='wget' - - # Required as it is not installed by default on Debian 9+ - if [ "$DISTRO_MAJOR_VERSION" -ge 9 ]; then - __PACKAGES="${__PACKAGES} gnupg2" - fi - - # Make sure https transport is available - if [ "$HTTP_VAL" = "https" ] ; then - __PACKAGES="${__PACKAGES} apt-transport-https ca-certificates" - fi - - # shellcheck disable=SC2086,SC2090 - __apt_get_install_noinput ${__PACKAGES} || return 1 - - # amd64 is just a part of repository URI, 32-bit pkgs are hosted under the same location - SALTSTACK_DEBIAN_URL="${HTTP_VAL}://${_REPO_URL}/${_ONEDIR_DIR}/${__PY_VERSION_REPO}/debian/${DEBIAN_RELEASE}/${__REPO_ARCH}/${ONEDIR_REV}/" - if [ "${ONEDIR_REV}" = "nightly" ] ; then - SALTSTACK_DEBIAN_URL="${HTTP_VAL}://${_REPO_URL}/${_ONEDIR_NIGHTLY_DIR}/${__PY_VERSION_REPO}/debian/${DEBIAN_RELEASE}/${__REPO_ARCH}/" - fi - echo "$__REPO_ARCH_DEB $SALTSTACK_DEBIAN_URL $DEBIAN_CODENAME main" > "/etc/apt/sources.list.d/salt.list" - - if [ "$(echo "${ONEDIR_REV}" | grep -E '(3004|3005)')" != "" ]; then - __apt_key_fetch "${SALTSTACK_DEBIAN_URL}salt-archive-keyring.gpg" || return 1 - elif [ "$(echo "${ONEDIR_REV}" | grep -E '(latest|nightly)')" != "" ]; then - __apt_key_fetch "${SALTSTACK_DEBIAN_URL}salt-archive-keyring.gpg" || \ - __apt_key_fetch "${SALTSTACK_DEBIAN_URL}SALT-PROJECT-GPG-PUBKEY-2023.gpg" || return 1 - else - __apt_key_fetch "${SALTSTACK_DEBIAN_URL}SALT-PROJECT-GPG-PUBKEY-2023.gpg" || return 1 - fi - - __wait_for_apt apt-get update || return 1 -} - install_debian_deps() { if [ $_START_DAEMONS -eq $BS_FALSE ]; then echowarn "Not starting daemons on Debian based distributions is not working mostly because starting them is the default behaviour." @@ -3771,59 +3444,6 @@ install_debian_deps() { return 0 } -install_debian_onedir_deps() { - if [ $_START_DAEMONS -eq $BS_FALSE ]; then - echowarn "Not starting daemons on Debian based distributions is not working mostly because starting them is the default behaviour." - fi - - # No user interaction, libc6 restart services for example - export DEBIAN_FRONTEND=noninteractive - - __wait_for_apt apt-get update || return 1 - - if [ "${_UPGRADE_SYS}" -eq $BS_TRUE ]; then - # Try to update GPG keys first if allowed - if [ "${_INSECURE_DL}" -eq $BS_TRUE ]; then - if [ "$DISTRO_MAJOR_VERSION" -ge 10 ]; then - __apt_get_install_noinput --allow-unauthenticated debian-archive-keyring && apt-get update || return 1 - else - __apt_get_install_noinput --allow-unauthenticated debian-archive-keyring && - apt-key update && apt-get update || return 1 - fi - fi - - __apt_get_upgrade_noinput || return 1 - fi - - if [ -n "$_PY_EXE" ] && [ "$_PY_MAJOR_VERSION" -eq 3 ]; then - PY_PKG_VER=3 - else - PY_PKG_VER="" - fi - - # Additionally install procps and pciutils which allows for Docker bootstraps. See 366#issuecomment-39666813 - __PACKAGES='procps pciutils' - - # YAML module is used for generating custom master/minion configs - __PACKAGES="${__PACKAGES} python${PY_PKG_VER}-yaml" - - # shellcheck disable=SC2086 - __apt_get_install_noinput ${__PACKAGES} || return 1 - - if [ "$_DISABLE_REPOS" -eq "$BS_FALSE" ] || [ "$_CUSTOM_REPO_URL" != "null" ]; then - __check_dpkg_architecture || return 1 - __install_saltstack_debian_onedir_repository || return 1 - fi - - if [ "${_EXTRA_PACKAGES}" != "" ]; then - echoinfo "Installing the following extra packages as requested: ${_EXTRA_PACKAGES}" - # shellcheck disable=SC2086 - __apt_get_install_noinput ${_EXTRA_PACKAGES} || return 1 - fi - - return 0 -} - install_debian_git_pre() { if ! __check_command_exists git; then __apt_get_install_noinput git || return 1 @@ -4072,15 +3692,7 @@ install_debian_git() { _POST_NEON_PIP_INSTALL_ARGS="" __install_salt_from_repo_post_neon "${_PY_EXE}" || return 1 cd "${_SALT_GIT_CHECKOUT_DIR}" || return 1 - - # Account for new path for services files in later releases - if [ -d "pkg/common" ]; then - _SERVICE_DIR="pkg/common" - else - _SERVICE_DIR="pkg" - fi - - sed -i 's:/usr/bin:/usr/local/bin:g' ${_SERVICE_DIR}/*.service + sed -i 's:/usr/bin:/usr/local/bin:g' pkg/*.service return 0 fi @@ -4108,28 +3720,6 @@ install_debian_9_git() { return 0 } -install_debian_onedir() { - __PACKAGES="" - - if [ "$_INSTALL_CLOUD" -eq $BS_TRUE ];then - __PACKAGES="${__PACKAGES} salt-cloud" - fi - if [ "$_INSTALL_MASTER" -eq $BS_TRUE ]; then - __PACKAGES="${__PACKAGES} salt-master" - fi - if [ "$_INSTALL_MINION" -eq $BS_TRUE ]; then - __PACKAGES="${__PACKAGES} salt-minion" - fi - if [ "$_INSTALL_SYNDIC" -eq $BS_TRUE ]; then - __PACKAGES="${__PACKAGES} salt-syndic" - fi - - # shellcheck disable=SC2086 - __apt_get_install_noinput ${__PACKAGES} || return 1 - - return 0 -} - install_debian_git_post() { for fname in api master minion syndic; do # Skip if not meant to be installed @@ -4139,23 +3729,16 @@ install_debian_git_post() { [ "$fname" = "minion" ] && [ "$_INSTALL_MINION" -eq $BS_FALSE ] && continue [ "$fname" = "syndic" ] && [ "$_INSTALL_SYNDIC" -eq $BS_FALSE ] && continue - # Account for new path for services files in later releases - if [ -f "${_SALT_GIT_CHECKOUT_DIR}/pkg/common/salt-${fname}.service" ]; then - _SERVICE_DIR="${_SALT_GIT_CHECKOUT_DIR}/pkg/common" - else - _SERVICE_DIR="${_SALT_GIT_CHECKOUT_DIR}/pkg" - fi - # Configure SystemD for Debian 8 "Jessie" and later if [ -f /bin/systemctl ]; then if [ ! -f /lib/systemd/system/salt-${fname}.service ] || \ { [ -f /lib/systemd/system/salt-${fname}.service ] && [ $_FORCE_OVERWRITE -eq $BS_TRUE ]; }; then - if [ -f "${_SERVICE_DIR}/salt-${fname}.service" ]; then - __copyfile "${_SERVICE_DIR}/salt-${fname}.service" /lib/systemd/system - __copyfile "${_SERVICE_DIR}/salt-${fname}.environment" "/etc/default/salt-${fname}" + if [ -f "${_SALT_GIT_CHECKOUT_DIR}/pkg/salt-${fname}.service" ]; then + __copyfile "${_SALT_GIT_CHECKOUT_DIR}/pkg/salt-${fname}.service" /lib/systemd/system + __copyfile "${_SALT_GIT_CHECKOUT_DIR}/pkg/salt-${fname}.environment" "/etc/default/salt-${fname}" else # workaround before adding Debian-specific unit files to the Salt main repo - __copyfile "${_SERVICE_DIR}/salt-${fname}.service" /lib/systemd/system + __copyfile "${_SALT_GIT_CHECKOUT_DIR}/pkg/salt-${fname}.service" /lib/systemd/system sed -i -e '/^Type/ s/notify/simple/' /lib/systemd/system/salt-${fname}.service fi fi @@ -4187,13 +3770,6 @@ install_debian_git_post() { done } -install_debian_2021_post() { - # Kali 2021 (debian derivative) disables all network services by default - # Using archlinux post function to enable salt systemd services - install_arch_linux_post || return 1 - return 0 -} - install_debian_restart_daemons() { [ "$_START_DAEMONS" -eq $BS_FALSE ] && return 0 @@ -4250,41 +3826,6 @@ install_debian_check_services() { # Fedora Install Functions # -__install_saltstack_fedora_onedir_repository() { - if [ "$ITYPE" = "stable" ]; then - REPO_REV="$ONEDIR_REV" - else - REPO_REV="latest" - fi - - __PY_VERSION_REPO="yum" - if [ -n "$_PY_EXE" ] && [ "$_PY_MAJOR_VERSION" -eq 3 ]; then - __PY_VERSION_REPO="py3" - fi - - GPG_KEY="SALT-PROJECT-GPG-PUBKEY-2023.pub" - - REPO_FILE="/etc/yum.repos.d/salt.repo" - - if [ ! -s "$REPO_FILE" ] || [ "$_FORCE_OVERWRITE" -eq $BS_TRUE ]; then - FETCH_URL="${HTTP_VAL}://${_REPO_URL}/${_ONEDIR_DIR}/${__PY_VERSION_REPO}/fedora/${DISTRO_MAJOR_VERSION}/${CPU_ARCH_L}/${ONEDIR_REV}" - if [ "${ONEDIR_REV}" = "nightly" ] ; then - FETCH_URL="${HTTP_VAL}://${_REPO_URL}/${_ONEDIR_NIGHTLY_DIR}/${__PY_VERSION_REPO}/fedora/${DISTRO_MAJOR_VERSION}/${CPU_ARCH_L}/" - fi - - __fetch_url "${REPO_FILE}" "${FETCH_URL}.repo" - - __rpm_import_gpg "${FETCH_URL}/${GPG_KEY}" || return 1 - - yum clean metadata || return 1 - elif [ "$REPO_REV" != "latest" ]; then - echowarn "salt.repo already exists, ignoring salt version argument." - echowarn "Use -F (forced overwrite) to install $REPO_REV." - fi - - return 0 -} - install_fedora_deps() { if [ "$_UPGRADE_SYS" -eq $BS_TRUE ]; then dnf -y update || return 1 @@ -4444,9 +3985,6 @@ install_fedora_git_deps() { done else __PACKAGES="python${PY_PKG_VER}-devel python${PY_PKG_VER}-pip python${PY_PKG_VER}-setuptools gcc" - if [ "${DISTRO_VERSION}" -ge 35 ]; then - __PACKAGES="${__PACKAGES} gcc-c++" - fi # shellcheck disable=SC2086 __dnf_install_noinput ${__PACKAGES} || return 1 fi @@ -4490,18 +4028,7 @@ install_fedora_git_post() { [ $fname = "minion" ] && [ "$_INSTALL_MINION" -eq $BS_FALSE ] && continue [ $fname = "syndic" ] && [ "$_INSTALL_SYNDIC" -eq $BS_FALSE ] && continue - # Account for new path for services files in later releases - if [ -f "${_SALT_GIT_CHECKOUT_DIR}/pkg/common/salt-${fname}.service" ]; then - _SERVICE_DIR="${_SALT_GIT_CHECKOUT_DIR}/pkg/common" - else - _SERVICE_DIR="${_SALT_GIT_CHECKOUT_DIR}/pkg/rpm" - fi - __copyfile "${_SERVICE_DIR}/salt-${fname}.service" "/lib/systemd/system/salt-${fname}.service" - - # Salt executables are located under `/usr/local/bin/` on Fedora 36+ - #if [ "${DISTRO_VERSION}" -ge 36 ]; then - # sed -i -e 's:/usr/bin/:/usr/local/bin/:g' /lib/systemd/system/salt-*.service - #fi + __copyfile "${_SALT_GIT_CHECKOUT_DIR}/pkg/rpm/salt-${fname}.service" "/lib/systemd/system/salt-${fname}.service" # Skip salt-api since the service should be opt-in and not necessarily started on boot [ $fname = "api" ] && continue @@ -4549,83 +4076,6 @@ install_fedora_check_services() { return 0 } - -install_fedora_onedir_deps() { - - if [ "$_UPGRADE_SYS" -eq $BS_TRUE ]; then - yum -y update || return 1 - fi - - if [ "$_DISABLE_REPOS" -eq "$BS_TRUE" ] && [ -n "$_PY_EXE" ] && [ "$_PY_MAJOR_VERSION" -eq 3 ]; then - echowarn "Detected -r or -R option while installing Salt packages for Python 3." - echowarn "Python 3 packages for older Salt releases requires the EPEL repository to be installed." - echowarn "Installing the EPEL repository automatically is disabled when using the -r or -R options." - fi - - if [ "$_DISABLE_REPOS" -eq "$BS_FALSE" ]; then - __install_saltstack_fedora_onedir_repository || return 1 - fi - - # If -R was passed, we need to configure custom repo url with rsync-ed packages - # Which is still handled in __install_saltstack_rhel_repository. This call has - # its own check in case -r was passed without -R. - if [ "$_CUSTOM_REPO_URL" != "null" ]; then - __install_saltstack_fedora_onedir_repository || return 1 - fi - - if [ "$DISTRO_MAJOR_VERSION" -ge 8 ]; then - __PACKAGES="dnf-utils chkconfig" - else - __PACKAGES="yum-utils chkconfig" - fi - - __PACKAGES="${__PACKAGES} procps" - - # shellcheck disable=SC2086 - __yum_install_noinput ${__PACKAGES} || return 1 - - if [ "${_EXTRA_PACKAGES}" != "" ]; then - echoinfo "Installing the following extra packages as requested: ${_EXTRA_PACKAGES}" - # shellcheck disable=SC2086 - __yum_install_noinput ${_EXTRA_PACKAGES} || return 1 - fi - - return 0 - -} - - -install_fedora_onedir() { - STABLE_REV=$ONEDIR_REV - #install_fedora_stable || return 1 - - __PACKAGES="" - - if [ "$_INSTALL_CLOUD" -eq $BS_TRUE ];then - __PACKAGES="${__PACKAGES} salt-cloud" - fi - if [ "$_INSTALL_MASTER" -eq $BS_TRUE ];then - __PACKAGES="${__PACKAGES} salt-master" - fi - if [ "$_INSTALL_MINION" -eq $BS_TRUE ]; then - __PACKAGES="${__PACKAGES} salt-minion" - fi - if [ "$_INSTALL_SYNDIC" -eq $BS_TRUE ];then - __PACKAGES="${__PACKAGES} salt-syndic" - fi - - # shellcheck disable=SC2086 - __yum_install_noinput ${__PACKAGES} || return 1 - - return 0 -} - -install_fedora_onedir_post() { - STABLE_REV=$ONEDIR_REV - install_fedora_stable_post || return 1 - - return 0 -} # # Ended Fedora Install Functions # @@ -4635,13 +4085,27 @@ install_fedora_onedir_post() { # # CentOS Install Functions # -__install_saltstack_rhel_repository() { - if [ "${DISTRO_MAJOR_VERSION}" -ge 9 ]; then - echoerror "Old stable repository unavailable on RH variants greater than or equal to 9" - echoerror "Use the stable install type." - exit 1 - fi +__install_epel_repository() { + if [ ${_EPEL_REPOS_INSTALLED} -eq $BS_TRUE ]; then + return 0 + fi + # Check if epel repo is already enabled and flag it accordingly + if yum repolist | grep -q "^[!]\\?${_EPEL_REPO}/"; then + _EPEL_REPOS_INSTALLED=$BS_TRUE + return 0 + fi + + # Download latest 'epel-release' package for the distro version directly + epel_repo_url="${HTTP_VAL}://dl.fedoraproject.org/pub/epel/epel-release-latest-${DISTRO_MAJOR_VERSION}.noarch.rpm" + rpm -Uvh --force "$epel_repo_url" || return 1 + + _EPEL_REPOS_INSTALLED=$BS_TRUE + + return 0 +} + +__install_saltstack_rhel_repository() { if [ "$ITYPE" = "stable" ]; then repo_rev="$STABLE_REV" else @@ -4656,19 +4120,7 @@ __install_saltstack_rhel_repository() { # Avoid using '$releasever' variable for yum. # Instead, this should work correctly on all RHEL variants. base_url="${HTTP_VAL}://${_REPO_URL}/${__PY_VERSION_REPO}/redhat/${DISTRO_MAJOR_VERSION}/\$basearch/${repo_rev}/" - if [ "${DISTRO_MAJOR_VERSION}" -eq 7 ]; then - gpg_key="SALTSTACK-GPG-KEY.pub base/RPM-GPG-KEY-CentOS-7" - elif [ "${DISTRO_MAJOR_VERSION}" -ge 9 ]; then - gpg_key="SALTSTACK-GPG-KEY2.pub" - else - gpg_key="SALTSTACK-GPG-KEY.pub" - fi - - gpg_key_urls="" - for key in $gpg_key; do - gpg_key_urls=$(printf "${base_url}${key},%s" "$gpg_key_urls") - done - + gpg_key="SALTSTACK-GPG-KEY.pub" repo_file="/etc/yum.repos.d/salt.repo" if [ ! -s "$repo_file" ] || [ "$_FORCE_OVERWRITE" -eq $BS_TRUE ]; then @@ -4678,80 +4130,13 @@ name=SaltStack ${repo_rev} Release Channel for RHEL/CentOS \$releasever baseurl=${base_url} skip_if_unavailable=True gpgcheck=1 -gpgkey=${gpg_key_urls} +gpgkey=${base_url}${gpg_key} enabled=1 enabled_metadata=1 _eof fetch_url="${HTTP_VAL}://${_REPO_URL}/${__PY_VERSION_REPO}/redhat/${DISTRO_MAJOR_VERSION}/${CPU_ARCH_L}/${repo_rev}/" - for key in $gpg_key; do - __rpm_import_gpg "${fetch_url}${key}" || return 1 - done - - yum clean metadata || return 1 - elif [ "$repo_rev" != "latest" ]; then - echowarn "salt.repo already exists, ignoring salt version argument." - echowarn "Use -F (forced overwrite) to install $repo_rev." - fi - - return 0 -} - -__install_saltstack_rhel_onedir_repository() { - if [ "$ITYPE" = "stable" ]; then - repo_rev="$ONEDIR_REV" - else - repo_rev="latest" - fi - - __PY_VERSION_REPO="yum" - if [ -n "$_PY_EXE" ] && [ "$_PY_MAJOR_VERSION" -eq 3 ]; then - __PY_VERSION_REPO="py3" - fi - - # Avoid using '$releasever' variable for yum. - # Instead, this should work correctly on all RHEL variants. - base_url="${HTTP_VAL}://${_REPO_URL}/${_ONEDIR_DIR}/${__PY_VERSION_REPO}/redhat/${DISTRO_MAJOR_VERSION}/\$basearch/${ONEDIR_REV}/" - if [ "${ONEDIR_REV}" = "nightly" ] ; then - base_url="${HTTP_VAL}://${_REPO_URL}/${_ONEDIR_NIGHTLY_DIR}/${__PY_VERSION_REPO}/redhat/${DISTRO_MAJOR_VERSION}/\$basearch/" - fi - if [ "$(echo "${ONEDIR_REV}" | grep -E '(3004|3005)')" != "" ] || [ "${ONEDIR_REV}" = "nightly" ]; then - if [ "${DISTRO_MAJOR_VERSION}" -eq 9 ]; then - gpg_key="SALTSTACK-GPG-KEY2.pub" - else - gpg_key="SALTSTACK-GPG-KEY.pub" - fi - else - gpg_key="SALT-PROJECT-GPG-PUBKEY-2023.pub" - fi - - gpg_key_urls="" - for key in $gpg_key; do - gpg_key_urls=$(printf "${base_url}${key},%s" "$gpg_key_urls") - done - - repo_file="/etc/yum.repos.d/salt.repo" - - if [ ! -s "$repo_file" ] || [ "$_FORCE_OVERWRITE" -eq $BS_TRUE ]; then - cat <<_eof > "$repo_file" -[saltstack] -name=SaltStack ${repo_rev} Release Channel for RHEL/CentOS \$releasever -baseurl=${base_url} -skip_if_unavailable=True -gpgcheck=1 -gpgkey=${gpg_key_urls} -enabled=1 -enabled_metadata=1 -_eof - - fetch_url="${HTTP_VAL}://${_REPO_URL}/${_ONEDIR_DIR}/${__PY_VERSION_REPO}/redhat/${DISTRO_MAJOR_VERSION}/${CPU_ARCH_L}/${ONEDIR_REV}/" - if [ "${ONEDIR_REV}" = "nightly" ] ; then - fetch_url="${HTTP_VAL}://${_REPO_URL}/${_ONEDIR_NIGHTLY_DIR}/${__PY_VERSION_REPO}/redhat/${DISTRO_MAJOR_VERSION}/${CPU_ARCH_L}/" - fi - for key in $gpg_key; do - __rpm_import_gpg "${fetch_url}${key}" || return 1 - done - + __rpm_import_gpg "${fetch_url}${gpg_key}" || return 1 yum clean metadata || return 1 elif [ "$repo_rev" != "latest" ]; then echowarn "salt.repo already exists, ignoring salt version argument." @@ -4773,6 +4158,7 @@ install_centos_stable_deps() { fi if [ "$_DISABLE_REPOS" -eq "$BS_FALSE" ]; then + __install_epel_repository || return 1 __install_saltstack_rhel_repository || return 1 fi @@ -4793,29 +4179,27 @@ install_centos_stable_deps() { if [ "$DISTRO_MAJOR_VERSION" -ge 8 ]; then # YAML module is used for generating custom master/minion configs if [ -n "$_PY_EXE" ] && [ "$_PY_MAJOR_VERSION" -eq 3 ]; then - __PACKAGES="${__PACKAGES} python3-pyyaml python3-setuptools" + __PACKAGES="${__PACKAGES} python3-pyyaml" else __PACKAGES="${__PACKAGES} python2-pyyaml" fi elif [ "$DISTRO_MAJOR_VERSION" -eq 7 ]; then # YAML module is used for generating custom master/minion configs if [ -n "$_PY_EXE" ] && [ "$_PY_MAJOR_VERSION" -eq 3 ]; then - __PACKAGES="${__PACKAGES} python36-PyYAML python36-setuptools" + __PACKAGES="${__PACKAGES} python36-PyYAML" else __PACKAGES="${__PACKAGES} PyYAML" fi else # YAML module is used for generating custom master/minion configs if [ -n "$_PY_EXE" ] && [ "$_PY_MAJOR_VERSION" -eq 3 ]; then - __PACKAGES="${__PACKAGES} python34-PyYAML python34-setuptools" + __PACKAGES="${__PACKAGES} python34-PyYAML" else __PACKAGES="${__PACKAGES} PyYAML" fi fi fi - __PACKAGES="${__PACKAGES} procps" - # shellcheck disable=SC2086 __yum_install_noinput ${__PACKAGES} || return 1 @@ -4832,29 +4216,40 @@ install_centos_stable_deps() { install_centos_stable() { __PACKAGES="" + local cloud='salt-cloud' + local master='salt-master' + local minion='salt-minion' + local syndic='salt-syndic' + + if echo "$STABLE_REV" | grep -q "archive";then # point release being applied + local ver=$(echo "$STABLE_REV"|awk -F/ '{print $2}') # strip archive/ + elif echo "$STABLE_REV" | egrep -vq "archive|latest";then # latest or major version(3003, 3004, etc) being applie + local ver=$STABLE_REV + fi + + if [ ! -z $ver ]; then + cloud+="-$ver" + master+="-$ver" + minion+="-$ver" + syndic+="-$ver" + fi + if [ "$_INSTALL_CLOUD" -eq $BS_TRUE ];then - __PACKAGES="${__PACKAGES} salt-cloud" + __PACKAGES="${__PACKAGES} $cloud" fi if [ "$_INSTALL_MASTER" -eq $BS_TRUE ];then - __PACKAGES="${__PACKAGES} salt-master" + __PACKAGES="${__PACKAGES} $master" fi if [ "$_INSTALL_MINION" -eq $BS_TRUE ]; then - __PACKAGES="${__PACKAGES} salt-minion" + __PACKAGES="${__PACKAGES} $minion" fi if [ "$_INSTALL_SYNDIC" -eq $BS_TRUE ];then - __PACKAGES="${__PACKAGES} salt-syndic" + __PACKAGES="${__PACKAGES} $syndic" fi # shellcheck disable=SC2086 __yum_install_noinput ${__PACKAGES} || return 1 - # Workaround for 3.11 broken on CentOS Stream 8.x - # Re-install Python 3.6 - _py_version=$(${_PY_EXE} -c "import sys; print('{0}.{1}'.format(*sys.version_info))") - if [ "$DISTRO_MAJOR_VERSION" -eq 8 ] && [ "${_py_version}" = "3.11" ]; then - __yum_install_noinput python3 - fi - return 0 } @@ -4890,14 +4285,7 @@ install_centos_stable_post() { } install_centos_git_deps() { - # First try stable deps then fall back to onedir deps if that one fails - # if we're installing on a Red Hat based host that doesn't have the classic - # package repos available. - # Set ONEDIR_REV to STABLE_REV in case we - # end up calling install_centos_onedir_deps - ONEDIR_REV=${STABLE_REV} - install_centos_onedir_deps || \ - return 1 + install_centos_stable_deps || return 1 if [ "$_INSECURE_DL" -eq $BS_FALSE ] && [ "${_SALT_REPO_URL%%://*}" = "https" ]; then __yum_install_noinput ca-certificates || return 1 @@ -5057,16 +4445,10 @@ install_centos_git_post() { [ $fname = "minion" ] && [ "$_INSTALL_MINION" -eq $BS_FALSE ] && continue [ $fname = "syndic" ] && [ "$_INSTALL_SYNDIC" -eq $BS_FALSE ] && continue - # Account for new path for services files in later releases - if [ -f "${_SALT_GIT_CHECKOUT_DIR}/pkg/common/salt-${fname}.service" ]; then - _SERVICE_FILE="${_SALT_GIT_CHECKOUT_DIR}/pkg/common/salt-${fname}.service" - else - _SERVICE_FILE="${_SALT_GIT_CHECKOUT_DIR}/pkg/rpm/salt-${fname}.service" - fi if [ -f /bin/systemctl ]; then if [ ! -f "/usr/lib/systemd/system/salt-${fname}.service" ] || \ { [ -f "/usr/lib/systemd/system/salt-${fname}.service" ] && [ "$_FORCE_OVERWRITE" -eq $BS_TRUE ]; }; then - __copyfile "${_SERVICE_FILE}" /usr/lib/systemd/system + __copyfile "${_SALT_GIT_CHECKOUT_DIR}/pkg/rpm/salt-${fname}.service" /usr/lib/systemd/system fi SYSTEMD_RELOAD=$BS_TRUE @@ -5086,117 +4468,6 @@ install_centos_git_post() { return 0 } -install_centos_onedir_deps() { - if [ "$_UPGRADE_SYS" -eq $BS_TRUE ]; then - yum -y update || return 1 - fi - - if [ "$_DISABLE_REPOS" -eq "$BS_TRUE" ] && [ -n "$_PY_EXE" ] && [ "$_PY_MAJOR_VERSION" -eq 3 ]; then - echowarn "Detected -r or -R option while installing Salt packages for Python 3." - echowarn "Python 3 packages for older Salt releases requires the EPEL repository to be installed." - echowarn "Installing the EPEL repository automatically is disabled when using the -r or -R options." - fi - - if [ "$_DISABLE_REPOS" -eq "$BS_FALSE" ]; then - __install_saltstack_rhel_onedir_repository || return 1 - fi - - # If -R was passed, we need to configure custom repo url with rsync-ed packages - # Which is still handled in __install_saltstack_rhel_repository. This call has - # its own check in case -r was passed without -R. - if [ "$_CUSTOM_REPO_URL" != "null" ]; then - __install_saltstack_rhel_onedir_repository || return 1 - fi - - if [ "$DISTRO_MAJOR_VERSION" -ge 8 ]; then - __PACKAGES="dnf-utils chkconfig" - else - __PACKAGES="yum-utils chkconfig" - fi - - __PACKAGES="${__PACKAGES} procps" - - # shellcheck disable=SC2086 - __yum_install_noinput ${__PACKAGES} || return 1 - - if [ "${_EXTRA_PACKAGES}" != "" ]; then - echoinfo "Installing the following extra packages as requested: ${_EXTRA_PACKAGES}" - # shellcheck disable=SC2086 - __yum_install_noinput ${_EXTRA_PACKAGES} || return 1 - fi - - - return 0 -} - -# This function has been modified to allow for specific versions to be installed -# when not using the salt repo -install_centos_onedir() { - __PACKAGES="" - - local cloud='salt-cloud' - local master='salt-master' - local minion='salt-minion' - local syndic='salt-syndic' - local ver="$_ONEDIR_REV" - - if [ ! -z $ver ]; then - cloud+="-$ver" - master+="-$ver" - minion+="-$ver" - syndic+="-$ver" - fi - - if [ "$_INSTALL_CLOUD" -eq $BS_TRUE ];then - __PACKAGES="${__PACKAGES} $cloud" - fi - if [ "$_INSTALL_MASTER" -eq $BS_TRUE ];then - __PACKAGES="${__PACKAGES} $master" - fi - if [ "$_INSTALL_MINION" -eq $BS_TRUE ]; then - __PACKAGES="${__PACKAGES} $minion" - fi - if [ "$_INSTALL_SYNDIC" -eq $BS_TRUE ];then - __PACKAGES="${__PACKAGES} $syndic" - fi - - # shellcheck disable=SC2086 - __yum_install_noinput ${__PACKAGES} || return 1 - - return 0 -} - -install_centos_onedir_post() { - SYSTEMD_RELOAD=$BS_FALSE - - for fname in api master minion syndic; do - # Skip salt-api since the service should be opt-in and not necessarily started on boot - [ $fname = "api" ] && continue - - # Skip if not meant to be installed - [ $fname = "master" ] && [ "$_INSTALL_MASTER" -eq $BS_FALSE ] && continue - [ $fname = "minion" ] && [ "$_INSTALL_MINION" -eq $BS_FALSE ] && continue - [ $fname = "syndic" ] && [ "$_INSTALL_SYNDIC" -eq $BS_FALSE ] && continue - - if [ -f /bin/systemctl ]; then - /bin/systemctl is-enabled salt-${fname}.service > /dev/null 2>&1 || ( - /bin/systemctl preset salt-${fname}.service > /dev/null 2>&1 && - /bin/systemctl enable salt-${fname}.service > /dev/null 2>&1 - ) - - SYSTEMD_RELOAD=$BS_TRUE - elif [ -f "/etc/init.d/salt-${fname}" ]; then - /sbin/chkconfig salt-${fname} on - fi - done - - if [ "$SYSTEMD_RELOAD" -eq $BS_TRUE ]; then - /bin/systemctl daemon-reload - fi - - return 0 -} - install_centos_restart_daemons() { [ $_START_DAEMONS -eq $BS_FALSE ] && return @@ -5296,11 +4567,6 @@ install_red_hat_linux_git_deps() { return 0 } -install_red_hat_linux_onedir_deps() { - install_centos_onedir_deps || return 1 - return 0 -} - install_red_hat_enterprise_stable_deps() { install_red_hat_linux_stable_deps || return 1 return 0 @@ -5311,11 +4577,6 @@ install_red_hat_enterprise_git_deps() { return 0 } -install_red_hat_enterprise_onedir_deps() { - install_red_hat_linux_onedir_deps || return 1 - return 0 -} - install_red_hat_enterprise_linux_stable_deps() { install_red_hat_linux_stable_deps || return 1 return 0 @@ -5326,11 +4587,6 @@ install_red_hat_enterprise_linux_git_deps() { return 0 } -install_red_hat_enterprise_linux_onedir_deps() { - install_red_hat_linux_onedir_deps || return 1 - return 0 -} - install_red_hat_enterprise_server_stable_deps() { install_red_hat_linux_stable_deps || return 1 return 0 @@ -5341,11 +4597,6 @@ install_red_hat_enterprise_server_git_deps() { return 0 } -install_red_hat_enterprise_server_onedir_deps() { - install_red_hat_linux_onedir_deps || return 1 - return 0 -} - install_red_hat_enterprise_workstation_stable_deps() { install_red_hat_linux_stable_deps || return 1 return 0 @@ -5356,11 +4607,6 @@ install_red_hat_enterprise_workstation_git_deps() { return 0 } -install_red_hat_enterprise_workstation_onedir_deps() { - install_red_hat_linux_timat_deps || return 1 - return 0 -} - install_red_hat_linux_stable() { install_centos_stable || return 1 return 0 @@ -5371,11 +4617,6 @@ install_red_hat_linux_git() { return 0 } -install_red_hat_linux_onedir() { - install_centos_onedir || return 1 - return 0 -} - install_red_hat_enterprise_stable() { install_red_hat_linux_stable || return 1 return 0 @@ -5386,11 +4627,6 @@ install_red_hat_enterprise_git() { return 0 } -install_red_hat_enterprise_onedir() { - install_red_hat_linux_onedir || return 1 - return 0 -} - install_red_hat_enterprise_linux_stable() { install_red_hat_linux_stable || return 1 return 0 @@ -5401,11 +4637,6 @@ install_red_hat_enterprise_linux_git() { return 0 } -install_red_hat_enterprise_linux_onedir() { - install_red_hat_linux_onedir || return 1 - return 0 -} - install_red_hat_enterprise_server_stable() { install_red_hat_linux_stable || return 1 return 0 @@ -5416,11 +4647,6 @@ install_red_hat_enterprise_server_git() { return 0 } -install_red_hat_enterprise_server_onedir() { - install_red_hat_linux_onedir || return 1 - return 0 -} - install_red_hat_enterprise_workstation_stable() { install_red_hat_linux_stable || return 1 return 0 @@ -5431,11 +4657,6 @@ install_red_hat_enterprise_workstation_git() { return 0 } -install_red_hat_enterprise_workstation_onedir() { - install_red_hat_linux_onedir || return 1 - return 0 -} - install_red_hat_linux_stable_post() { install_centos_stable_post || return 1 return 0 @@ -5580,15 +4801,6 @@ install_red_hat_enterprise_workstation_testing_post() { # Oracle Linux Install Functions # install_oracle_linux_stable_deps() { - # Install Oracle's EPEL. - if [ ${_EPEL_REPOS_INSTALLED} -eq $BS_FALSE ]; then - _EPEL_REPO=oracle-epel-release-el${DISTRO_MAJOR_VERSION} - if ! rpm -q "${_EPEL_REPO}" > /dev/null; then - __yum_install_noinput "${_EPEL_REPO}" - fi - _EPEL_REPOS_INSTALLED=$BS_TRUE - fi - install_centos_stable_deps || return 1 return 0 } @@ -5598,11 +4810,6 @@ install_oracle_linux_git_deps() { return 0 } -install_oracle_linux_onedir_deps() { - install_centos_onedir_deps || return 1 - return 0 -} - install_oracle_linux_testing_deps() { install_centos_testing_deps || return 1 return 0 @@ -5618,11 +4825,6 @@ install_oracle_linux_git() { return 0 } -install_oracle_linux_onedir() { - install_centos_onedir || return 1 - return 0 -} - install_oracle_linux_testing() { install_centos_testing || return 1 return 0 @@ -5638,11 +4840,6 @@ install_oracle_linux_git_post() { return 0 } -install_oracle_linux_onedir_post() { - install_centos_onedir_post || return 1 - return 0 -} - install_oracle_linux_testing_post() { install_centos_testing_post || return 1 return 0 @@ -5662,162 +4859,6 @@ install_oracle_linux_check_services() { # ####################################################################################################################### -####################################################################################################################### -# -# AlmaLinux Install Functions -# -install_almalinux_stable_deps() { - install_centos_stable_deps || return 1 - return 0 -} - -install_almalinux_git_deps() { - install_centos_git_deps || return 1 - return 0 -} - -install_almalinux_onedir_deps() { - install_centos_onedir_deps || return 1 - return 0 -} - -install_almalinux_testing_deps() { - install_centos_testing_deps || return 1 - return 0 -} - -install_almalinux_stable() { - install_centos_stable || return 1 - return 0 -} - -install_almalinux_git() { - install_centos_git || return 1 - return 0 -} - -install_almalinux_onedir() { - install_centos_onedir || return 1 - return 0 -} - -install_almalinux_testing() { - install_centos_testing || return 1 - return 0 -} - -install_almalinux_stable_post() { - install_centos_stable_post || return 1 - return 0 -} - -install_almalinux_git_post() { - install_centos_git_post || return 1 - return 0 -} - -install_almalinux_onedir_post() { - install_centos_onedir_post || return 1 - return 0 -} - -install_almalinux_testing_post() { - install_centos_testing_post || return 1 - return 0 -} - -install_almalinux_restart_daemons() { - install_centos_restart_daemons || return 1 - return 0 -} - -install_almalinux_check_services() { - install_centos_check_services || return 1 - return 0 -} -# -# Ended AlmaLinux Install Functions -# -####################################################################################################################### - -####################################################################################################################### -# -# Rocky Linux Install Functions -# -install_rocky_linux_stable_deps() { - install_centos_stable_deps || return 1 - return 0 -} - -install_rocky_linux_git_deps() { - install_centos_git_deps || return 1 - return 0 -} - -install_rocky_linux_onedir_deps() { - install_centos_onedir_deps || return 1 - return 0 -} - -install_rocky_linux_testing_deps() { - install_centos_testing_deps || return 1 - return 0 -} - -install_rocky_linux_stable() { - install_centos_stable || return 1 - return 0 -} - -install_rocky_linux_onedir() { - install_centos_onedir || return 1 - return 0 -} - -install_rocky_linux_git() { - install_centos_git || return 1 - return 0 -} - -install_rocky_linux_testing() { - install_centos_testing || return 1 - return 0 -} - -install_rocky_linux_stable_post() { - install_centos_stable_post || return 1 - return 0 -} - -install_rocky_linux_git_post() { - install_centos_git_post || return 1 - return 0 -} - -install_rocky_linux_onedir_post() { - install_centos_onedir_post || return 1 - return 0 -} - -install_rocky_linux_testing_post() { - install_centos_testing_post || return 1 - return 0 -} - -install_rocky_linux_restart_daemons() { - install_centos_restart_daemons || return 1 - return 0 -} - -install_rocky_linux_check_services() { - install_centos_check_services || return 1 - return 0 -} -# -# Ended Rocky Linux Install Functions -# -####################################################################################################################### - ####################################################################################################################### # # Scientific Linux Install Functions @@ -5832,11 +4873,6 @@ install_scientific_linux_git_deps() { return 0 } -install_scientific_linux_onedir_deps() { - install_centos_onedir_deps || return 1 - return 0 -} - install_scientific_linux_testing_deps() { install_centos_testing_deps || return 1 return 0 @@ -5852,11 +4888,6 @@ install_scientific_linux_git() { return 0 } -install_scientific_linux_onedir() { - install_centos_onedir || return 1 - return 0 -} - install_scientific_linux_testing() { install_centos_testing || return 1 return 0 @@ -5872,11 +4903,6 @@ install_scientific_linux_git_post() { return 0 } -install_scientific_linux_onedir_post() { - install_centos_onedir_post || return 1 - return 0 -} - install_scientific_linux_testing_post() { install_centos_testing_post || return 1 return 0 @@ -5910,11 +4936,6 @@ install_cloud_linux_git_deps() { return 0 } -install_cloud_linux_onedir_deps() { - install_centos_onedir_deps || return 1 - return 0 -} - install_cloud_linux_testing_deps() { install_centos_testing_deps || return 1 return 0 @@ -6008,8 +5029,8 @@ install_alpine_linux_git_deps() { fi fi else - apk -U add python3 python3-dev py3-pip py3-setuptools g++ linux-headers zeromq-dev openrc || return 1 - _PY_EXE=python3 + apk -U add python2 py2-pip py2-setuptools || return 1 + _PY_EXE=python2 return 0 fi @@ -6479,100 +5500,6 @@ _eof fi } -install_amazon_linux_ami_2_onedir_deps() { - # Shim to figure out if we're using old (rhel) or new (aws) rpms. - _USEAWS=$BS_FALSE - pkg_append="python" - - if [ "$ITYPE" = "onedir" ]; then - repo_rev="$ONEDIR_REV" - else - repo_rev="latest" - fi - - if echo $repo_rev | grep -E -q '^archive'; then - year=$(echo "$repo_rev" | cut -d '/' -f 2 | cut -c1-4) - else - year=$(echo "$repo_rev" | cut -c1-4) - fi - - # We need to install yum-utils before doing anything else when installing on - # Amazon Linux ECS-optimized images. See issue #974. - __yum_install_noinput yum-utils - - # Do upgrade early - if [ "$_UPGRADE_SYS" -eq $BS_TRUE ]; then - yum -y update || return 1 - fi - - if [ $_DISABLE_REPOS -eq $BS_FALSE ] || [ "$_CUSTOM_REPO_URL" != "null" ]; then - __REPO_FILENAME="salt.repo" - __PY_VERSION_REPO="yum" - PY_PKG_VER="" - repo_label="saltstack-repo" - repo_name="SaltStack repo for Amazon Linux 2" - if [ -n "$_PY_EXE" ] && [ "$_PY_MAJOR_VERSION" -eq 3 ]; then - __REPO_FILENAME="salt.repo" - __PY_VERSION_REPO="py3" - PY_PKG_VER=3 - repo_label="saltstack-py3-repo" - repo_name="SaltStack Python 3 repo for Amazon Linux 2" - fi - - base_url="$HTTP_VAL://${_REPO_URL}/${_ONEDIR_DIR}/${__PY_VERSION_REPO}/amazon/2/\$basearch/$repo_rev/" - if [ "${ONEDIR_REV}" = "nightly" ] ; then - base_url="$HTTP_VAL://${_REPO_URL}/${_ONEDIR_NIGHTLY_DIR}/${__PY_VERSION_REPO}/amazon/2/\$basearch/" - fi - - if [ "$(echo "${ONEDIR_REV}" | grep -E '(3004|3005)')" != "" ] || [ "${ONEDIR_REV}" = "nightly" ]; then - gpg_key="${base_url}SALTSTACK-GPG-KEY.pub,${base_url}base/RPM-GPG-KEY-CentOS-7" - if [ -n "$_PY_EXE" ] && [ "$_PY_MAJOR_VERSION" -eq 3 ]; then - gpg_key="${base_url}SALTSTACK-GPG-KEY.pub" - fi - else - gpg_key="${base_url}SALT-PROJECT-GPG-PUBKEY-2023.pub" - fi - - # This should prob be refactored to use __install_saltstack_rhel_repository() - # With args passed in to do the right thing. Reformatted to be more like the - # amazon linux yum file. - if [ ! -s "/etc/yum.repos.d/${__REPO_FILENAME}" ]; then - cat <<_eof > "/etc/yum.repos.d/${__REPO_FILENAME}" -[$repo_label] -name=$repo_name -failovermethod=priority -priority=10 -gpgcheck=1 -gpgkey=$gpg_key -baseurl=$base_url -_eof - fi - - fi - - if [ "${_POST_NEON_INSTALL}" -eq $BS_FALSE ]; then - # Package python-ordereddict-1.1-2.el6.noarch is obsoleted by python26-2.6.9-2.88.amzn1.x86_64 - # which is already installed - if [ -n "${PY_PKG_VER}" ] && [ "${PY_PKG_VER}" -eq 3 ]; then - __PACKAGES="${pkg_append}${PY_PKG_VER}-m2crypto ${pkg_append}${PY_PKG_VER}-pyyaml" - else - __PACKAGES="m2crypto PyYAML ${pkg_append}-futures" - fi - - __PACKAGES="${__PACKAGES} ${pkg_append}${PY_PKG_VER}-crypto ${pkg_append}${PY_PKG_VER}-jinja2 procps-ng" - __PACKAGES="${__PACKAGES} ${pkg_append}${PY_PKG_VER}-msgpack ${pkg_append}${PY_PKG_VER}-requests ${pkg_append}${PY_PKG_VER}-zmq" - - # shellcheck disable=SC2086 - __yum_install_noinput ${__PACKAGES} || return 1 - fi - - if [ "${_EXTRA_PACKAGES}" != "" ]; then - echoinfo "Installing the following extra packages as requested: ${_EXTRA_PACKAGES}" - # shellcheck disable=SC2086 - __yum_install_noinput ${_EXTRA_PACKAGES} || return 1 - fi -} - install_amazon_linux_ami_stable() { install_centos_stable || return 1 return 0 @@ -6648,16 +5575,6 @@ install_amazon_linux_ami_2_check_services() { return 0 } -install_amazon_linux_ami_2_onedir() { - install_centos_stable || return 1 - return 0 -} - -install_amazon_linux_ami_2_onedir_post() { - install_centos_stable_post || return 1 - return 0 -} - # # Ended Amazon Linux AMI Install Functions # @@ -6749,10 +5666,6 @@ install_arch_linux_git_deps() { return 0 } -install_arch_linux_onedir_deps() { - install_arch_linux_stable_deps || return 1 -} - install_arch_linux_stable() { # Pacman does not resolve dependencies on outdated versions # They always need to be updated @@ -6771,8 +5684,6 @@ install_arch_linux_stable() { install_arch_linux_git() { - _POST_NEON_PIP_INSTALL_ARGS="${_POST_NEON_PIP_INSTALL_ARGS} --use-pep517" - _PIP_DOWNLOAD_ARGS="${_PIP_DOWNLOAD_ARGS} --use-pep517" if [ "${_POST_NEON_INSTALL}" -eq $BS_TRUE ]; then __install_salt_from_repo_post_neon "${_PY_EXE}" || return 1 return 0 @@ -6830,15 +5741,8 @@ install_arch_linux_git_post() { [ $fname = "minion" ] && [ "$_INSTALL_MINION" -eq $BS_FALSE ] && continue [ $fname = "syndic" ] && [ "$_INSTALL_SYNDIC" -eq $BS_FALSE ] && continue - # Account for new path for services files in later releases - if [ -f "${_SALT_GIT_CHECKOUT_DIR}/pkg/common/salt-${fname}.service" ]; then - _SERVICE_DIR="${_SALT_GIT_CHECKOUT_DIR}/pkg/common" - else - _SERVICE_DIR="${_SALT_GIT_CHECKOUT_DIR}/pkg/rpm" - fi - if [ -f /usr/bin/systemctl ]; then - __copyfile "${_SERVICE_DIR}/salt-${fname}.service" "/lib/systemd/system/salt-${fname}.service" + __copyfile "${_SALT_GIT_CHECKOUT_DIR}/pkg/rpm/salt-${fname}.service" "/lib/systemd/system/salt-${fname}.service" # Skip salt-api since the service should be opt-in and not necessarily started on boot [ $fname = "api" ] && continue @@ -6905,344 +5809,11 @@ install_arch_check_services() { return 0 } - -install_arch_linux_onedir() { - install_arch_linux_stable || return 1 - - return 0 -} - -install_arch_linux_onedir_post() { - install_arch_linux_post || return 1 - - return 0 -} # # Ended Arch Install Functions # ####################################################################################################################### -####################################################################################################################### -# -# Photon OS Install Functions -# - -__install_saltstack_photon_onedir_repository() { - if [ "$ITYPE" = "stable" ]; then - REPO_REV="$ONEDIR_REV" - else - REPO_REV="latest" - fi - - __PY_VERSION_REPO="yum" - if [ -n "$_PY_EXE" ] && [ "$_PY_MAJOR_VERSION" -eq 3 ]; then - __PY_VERSION_REPO="py3" - fi - - REPO_FILE="/etc/yum.repos.d/salt.repo" - - if [ ! -s "$REPO_FILE" ] || [ "$_FORCE_OVERWRITE" -eq $BS_TRUE ]; then - FETCH_URL="${HTTP_VAL}://${_REPO_URL}/${_ONEDIR_DIR}/${__PY_VERSION_REPO}/photon/${DISTRO_MAJOR_VERSION}/${CPU_ARCH_L}/${ONEDIR_REV}" - if [ "${ONEDIR_REV}" = "nightly" ] ; then - FETCH_URL="${HTTP_VAL}://${_REPO_URL}/${_ONEDIR_NIGHTLY_DIR}/${__PY_VERSION_REPO}/photon/${DISTRO_MAJOR_VERSION}/${CPU_ARCH_L}/" - fi - - __fetch_url "${REPO_FILE}" "${FETCH_URL}.repo" - - GPG_KEY="SALT-PROJECT-GPG-PUBKEY-2023.pub" - - __rpm_import_gpg "${FETCH_URL}/${GPG_KEY}" || return 1 - - tdnf makecache || return 1 - elif [ "$REPO_REV" != "latest" ]; then - echowarn "salt.repo already exists, ignoring salt version argument." - echowarn "Use -F (forced overwrite) to install $REPO_REV." - fi - - return 0 -} - -install_photon_deps() { - if [ "$_UPGRADE_SYS" -eq $BS_TRUE ]; then - tdnf -y update || return 1 - fi - - __PACKAGES="${__PACKAGES:=}" - if [ -n "$_PY_EXE" ] && [ "$_PY_MAJOR_VERSION" -lt 3 ]; then - echoerror "There are no Python 2 stable packages for Fedora, only Py3 packages" - return 1 - fi - - PY_PKG_VER=3 - - __PACKAGES="${__PACKAGES} libyaml procps-ng python${PY_PKG_VER}-crypto python${PY_PKG_VER}-jinja2" - __PACKAGES="${__PACKAGES} python${PY_PKG_VER}-msgpack python${PY_PKG_VER}-requests python${PY_PKG_VER}-zmq" - __PACKAGES="${__PACKAGES} python${PY_PKG_VER}-pip python${PY_PKG_VER}-m2crypto python${PY_PKG_VER}-pyyaml" - __PACKAGES="${__PACKAGES} python${PY_PKG_VER}-systemd" - if [ "${_EXTRA_PACKAGES}" != "" ]; then - echoinfo "Installing the following extra packages as requested: ${_EXTRA_PACKAGES}" - fi - - # shellcheck disable=SC2086 - __tdnf_install_noinput ${__PACKAGES} ${_EXTRA_PACKAGES} || return 1 - - return 0 -} - -install_photon_stable_post() { - for fname in api master minion syndic; do - # Skip salt-api since the service should be opt-in and not necessarily started on boot - [ $fname = "api" ] && continue - - # Skip if not meant to be installed - [ $fname = "master" ] && [ "$_INSTALL_MASTER" -eq $BS_FALSE ] && continue - [ $fname = "minion" ] && [ "$_INSTALL_MINION" -eq $BS_FALSE ] && continue - [ $fname = "syndic" ] && [ "$_INSTALL_SYNDIC" -eq $BS_FALSE ] && continue - - systemctl is-enabled salt-$fname.service || (systemctl preset salt-$fname.service && systemctl enable salt-$fname.service) - sleep 1 - systemctl daemon-reload - done -} - -install_photon_git_deps() { - if [ -n "$_PY_EXE" ] && [ "$_PY_MAJOR_VERSION" -eq 3 ]; then - # Packages are named python3- - PY_PKG_VER=3 - else - PY_PKG_VER=2 - fi - - __PACKAGES="" - if ! __check_command_exists ps; then - __PACKAGES="${__PACKAGES} procps-ng" - fi - if ! __check_command_exists git; then - __PACKAGES="${__PACKAGES} git" - fi - - if [ -n "${__PACKAGES}" ]; then - # shellcheck disable=SC2086 - __tdnf_install_noinput ${__PACKAGES} || return 1 - __PACKAGES="" - fi - - __git_clone_and_checkout || return 1 - - if [ "${_POST_NEON_INSTALL}" -eq $BS_FALSE ]; then - - if [ "$_INSECURE_DL" -eq $BS_FALSE ] && [ "${_SALT_REPO_URL%%://*}" = "https" ]; then - __PACKAGES="${__PACKAGES} ca-certificates" - fi - if [ "$_INSTALL_CLOUD" -eq $BS_TRUE ]; then - __PACKAGES="${__PACKAGES} python${PY_PKG_VER}-libcloud python${PY_PKG_VER}-netaddr" - fi - - install_photon_deps || return 1 - - if [ -n "$_PY_EXE" ] && [ "$_PY_MAJOR_VERSION" -eq 3 ]; then - if __check_command_exists python3; then - __python="python3" - fi - elif [ -n "$_PY_EXE" ] && [ "$_PY_MAJOR_VERSION" -eq 2 ]; then - if __check_command_exists python2; then - __python="python2" - fi - else - if ! __check_command_exists python; then - echoerror "Unable to find a python binary?!" - return 1 - fi - # Let's hope it's the right one - __python="python" - fi - - grep tornado "${_SALT_GIT_CHECKOUT_DIR}/requirements/base.txt" | while IFS=' - ' read -r dep; do - echodebug "Running '${__python}' -m pip install '${dep}'" - "${__python}" -m pip install "${dep}" || return 1 - done - else - __PACKAGES="python${PY_PKG_VER}-devel python${PY_PKG_VER}-pip python${PY_PKG_VER}-setuptools gcc glibc-devel linux-devel.x86_64" - # shellcheck disable=SC2086 - __tdnf_install_noinput ${__PACKAGES} || return 1 - fi - - if [ "${DISTRO_MAJOR_VERSION}" -gt 3 ]; then - # Need newer version of setuptools on Photon - _setuptools_dep="setuptools>=${_MINIMUM_SETUPTOOLS_VERSION}" - echodebug "Running '${_PY_EXE} -m pip --upgrade install ${_setuptools_dep}'" - ${_PY_EXE} -m pip install --upgrade "${_setuptools_dep}" - fi - - # Let's trigger config_salt() - if [ "$_TEMP_CONFIG_DIR" = "null" ]; then - _TEMP_CONFIG_DIR="${_SALT_GIT_CHECKOUT_DIR}/conf/" - CONFIG_SALT_FUNC="config_salt" - fi - - return 0 -} - -install_photon_git() { - if [ "${_PY_EXE}" != "" ]; then - _PYEXE=${_PY_EXE} - echoinfo "Using the following python version: ${_PY_EXE} to install salt" - else - _PYEXE='python2' - fi - - if [ -f "${_SALT_GIT_CHECKOUT_DIR}/salt/syspaths.py" ]; then - ${_PYEXE} setup.py --salt-config-dir="$_SALT_ETC_DIR" --salt-cache-dir="${_SALT_CACHE_DIR}" ${SETUP_PY_INSTALL_ARGS} install --prefix=/usr || return 1 - else - ${_PYEXE} setup.py ${SETUP_PY_INSTALL_ARGS} install --prefix=/usr || return 1 - fi - return 0 -} - -install_photon_git_post() { - for fname in api master minion syndic; do - # Skip if not meant to be installed - [ $fname = "api" ] && \ - ([ "$_INSTALL_MASTER" -eq $BS_FALSE ] || ! __check_command_exists "salt-${fname}") && continue - [ $fname = "master" ] && [ "$_INSTALL_MASTER" -eq $BS_FALSE ] && continue - [ $fname = "minion" ] && [ "$_INSTALL_MINION" -eq $BS_FALSE ] && continue - [ $fname = "syndic" ] && [ "$_INSTALL_SYNDIC" -eq $BS_FALSE ] && continue - - # Account for new path for services files in later releases - if [ -f "${_SALT_GIT_CHECKOUT_DIR}/pkg/common/salt-${fname}.service" ]; then - _SERVICE_DIR="${_SALT_GIT_CHECKOUT_DIR}/pkg/common" - else - _SERVICE_DIR="${_SALT_GIT_CHECKOUT_DIR}/pkg/rpm" - fi - __copyfile "${_SERVICE_DIR}/salt-${fname}.service" "/lib/systemd/system/salt-${fname}.service" - - # Salt executables are located under `/usr/local/bin/` on Fedora 36+ - #if [ "${DISTRO_VERSION}" -ge 36 ]; then - # sed -i -e 's:/usr/bin/:/usr/local/bin/:g' /lib/systemd/system/salt-*.service - #fi - - # Skip salt-api since the service should be opt-in and not necessarily started on boot - [ $fname = "api" ] && continue - - systemctl is-enabled salt-$fname.service || (systemctl preset salt-$fname.service && systemctl enable salt-$fname.service) - sleep 1 - systemctl daemon-reload - done -} - -install_photon_restart_daemons() { - [ $_START_DAEMONS -eq $BS_FALSE ] && return - - for fname in api master minion syndic; do - # Skip salt-api since the service should be opt-in and not necessarily started on boot - [ $fname = "api" ] && continue - - # Skip if not meant to be installed - [ $fname = "master" ] && [ "$_INSTALL_MASTER" -eq $BS_FALSE ] && continue - [ $fname = "minion" ] && [ "$_INSTALL_MINION" -eq $BS_FALSE ] && continue - [ $fname = "syndic" ] && [ "$_INSTALL_SYNDIC" -eq $BS_FALSE ] && continue - - systemctl stop salt-$fname > /dev/null 2>&1 - systemctl start salt-$fname.service && continue - echodebug "Failed to start salt-$fname using systemd" - if [ "$_ECHO_DEBUG" -eq $BS_TRUE ]; then - systemctl status salt-$fname.service - journalctl -xe - fi - done -} - -install_photon_check_services() { - for fname in api master minion syndic; do - # Skip salt-api since the service should be opt-in and not necessarily started on boot - [ $fname = "api" ] && continue - - # Skip if not meant to be installed - [ $fname = "master" ] && [ "$_INSTALL_MASTER" -eq $BS_FALSE ] && continue - [ $fname = "minion" ] && [ "$_INSTALL_MINION" -eq $BS_FALSE ] && continue - [ $fname = "syndic" ] && [ "$_INSTALL_SYNDIC" -eq $BS_FALSE ] && continue - - __check_services_systemd salt-$fname || return 1 - done - - return 0 -} - -install_photon_onedir_deps() { - - if [ "$_UPGRADE_SYS" -eq $BS_TRUE ]; then - tdnf -y update || return 1 - fi - - if [ "$_DISABLE_REPOS" -eq "$BS_TRUE" ] && [ -n "$_PY_EXE" ] && [ "$_PY_MAJOR_VERSION" -eq 3 ]; then - echowarn "Detected -r or -R option while installing Salt packages for Python 3." - echowarn "Python 3 packages for older Salt releases requires the EPEL repository to be installed." - echowarn "Installing the EPEL repository automatically is disabled when using the -r or -R options." - fi - - if [ "$_DISABLE_REPOS" -eq "$BS_FALSE" ]; then - __install_saltstack_photon_onedir_repository || return 1 - fi - - # If -R was passed, we need to configure custom repo url with rsync-ed packages - # Which is still handled in __install_saltstack_rhel_repository. This call has - # its own check in case -r was passed without -R. - if [ "$_CUSTOM_REPO_URL" != "null" ]; then - __install_saltstack_photon_onedir_repository || return 1 - fi - - __PACKAGES="procps-ng" - - # shellcheck disable=SC2086 - __tdnf_install_noinput ${__PACKAGES} || return 1 - - if [ "${_EXTRA_PACKAGES}" != "" ]; then - echoinfo "Installing the following extra packages as requested: ${_EXTRA_PACKAGES}" - # shellcheck disable=SC2086 - __tdnf_install_noinput ${_EXTRA_PACKAGES} || return 1 - fi - - return 0 - -} - - -install_photon_onedir() { - STABLE_REV=$ONEDIR_REV - - __PACKAGES="" - - if [ "$_INSTALL_CLOUD" -eq $BS_TRUE ];then - __PACKAGES="${__PACKAGES} salt-cloud" - fi - if [ "$_INSTALL_MASTER" -eq $BS_TRUE ];then - __PACKAGES="${__PACKAGES} salt-master" - fi - if [ "$_INSTALL_MINION" -eq $BS_TRUE ]; then - __PACKAGES="${__PACKAGES} salt-minion" - fi - if [ "$_INSTALL_SYNDIC" -eq $BS_TRUE ];then - __PACKAGES="${__PACKAGES} salt-syndic" - fi - - # shellcheck disable=SC2086 - __tdnf_install_noinput ${__PACKAGES} || return 1 - - return 0 -} - -install_photon_onedir_post() { - STABLE_REV=$ONEDIR_REV - install_photon_stable_post || return 1 - - return 0 -} -# -# Ended Fedora Install Functions -# -####################################################################################################################### - ####################################################################################################################### # # FreeBSD Install Functions @@ -7270,15 +5841,15 @@ install_freebsd_git_deps() { if [ "${_POST_NEON_INSTALL}" -eq $BS_FALSE ]; then - SALT_DEPENDENCIES=$(/usr/local/sbin/pkg rquery %dn py39-salt) + SALT_DEPENDENCIES=$(/usr/local/sbin/pkg rquery %dn py38-salt) # shellcheck disable=SC2086 /usr/local/sbin/pkg install -y ${SALT_DEPENDENCIES} python || return 1 - /usr/local/sbin/pkg install -y py39-requests || return 1 - /usr/local/sbin/pkg install -y py39-tornado4 || return 1 + /usr/local/sbin/pkg install -y py38-requests || return 1 + /usr/local/sbin/pkg install -y py38-tornado4 || return 1 else - /usr/local/sbin/pkg install -y python py39-pip py39-setuptools libzmq4 libunwind || return 1 + /usr/local/sbin/pkg install -y python py38-pip py38-setuptools libzmq4 libunwind || return 1 fi echodebug "Adapting paths to FreeBSD" @@ -7324,7 +5895,7 @@ install_freebsd_stable() { # installing latest version of salt from FreeBSD CURRENT ports repo # # shellcheck disable=SC2086 - /usr/local/sbin/pkg install -y py39-salt || return 1 + /usr/local/sbin/pkg install -y py38-salt || return 1 return 0 } @@ -7416,15 +5987,6 @@ install_freebsd_restart_daemons() { service salt_$fname start done } - -install_freebsd_onedir() { -# -# call install_freebsd_stable -# - install_freebsd_stable || return 1 - - return 0 -} # # Ended FreeBSD Install Functions # @@ -7459,7 +6021,7 @@ install_openbsd_git_deps() { __git_clone_and_checkout || return 1 if [ "${_POST_NEON_INSTALL}" -eq $BS_TRUE ]; then - pkg_add -I -v py3-pip py3-setuptools + pkg_add -I -v py-pip py-setuptools fi # @@ -7543,14 +6105,6 @@ install_openbsd_restart_daemons() { return 0 } -install_openbsd_onedir() { -# -# Call install_openbsd_stable -# - install_openbsd_stable || return 1 - - return 0 -} # # Ended OpenBSD Install Functions # @@ -7751,14 +6305,6 @@ install_smartos_restart_daemons() { return 0 } -install_smartos_onedir() { -# -# call install_smartos_stable -# - install_smartos_stable || return 1 - - return 0 -} # # Ended SmartOS Install Functions # @@ -7775,16 +6321,19 @@ __set_suse_pkg_repo() { # Set distro repo variable if [ "${DISTRO_MAJOR_VERSION}" -gt 2015 ]; then DISTRO_REPO="openSUSE_Tumbleweed" - elif [ "${DISTRO_MAJOR_VERSION}" -eq 15 ] && [ "${DISTRO_MINOR_VERSION}" -ge 4 ]; then - DISTRO_REPO="${DISTRO_MAJOR_VERSION}.${DISTRO_MINOR_VERSION}" elif [ "${DISTRO_MAJOR_VERSION}" -ge 42 ] || [ "${DISTRO_MAJOR_VERSION}" -eq 15 ]; then DISTRO_REPO="openSUSE_Leap_${DISTRO_MAJOR_VERSION}.${DISTRO_MINOR_VERSION}" else DISTRO_REPO="SLE_${DISTRO_MAJOR_VERSION}_SP${SUSE_PATCHLEVEL}" fi - suse_pkg_url_base="https://download.opensuse.org/repositories/systemsmanagement:/saltstack" - suse_pkg_url_path="${DISTRO_REPO}/systemsmanagement:saltstack.repo" + if [ "$_DOWNSTREAM_PKG_REPO" -eq $BS_TRUE ]; then + suse_pkg_url_base="https://download.opensuse.org/repositories/systemsmanagement:/saltstack" + suse_pkg_url_path="${DISTRO_REPO}/systemsmanagement:saltstack.repo" + else + suse_pkg_url_base="${HTTP_VAL}://repo.saltproject.io/opensuse" + suse_pkg_url_path="${DISTRO_REPO}/systemsmanagement:saltstack:products.repo" + fi SUSE_PKG_URL="$suse_pkg_url_base/$suse_pkg_url_path" } @@ -7804,7 +6353,7 @@ __version_lte() { zypper --non-interactive install --auto-agree-with-licenses python || return 1 fi - if [ "$(${_PY_EXE} -c 'import sys; V1=tuple([int(i) for i in sys.argv[1].split(".")]); V2=tuple([int(i) for i in sys.argv[2].split(".")]); print(V1<=V2)' "$1" "$2")" = "True" ]; then + if [ "$(python -c 'import sys; V1=tuple([int(i) for i in sys.argv[1].split(".")]); V2=tuple([int(i) for i in sys.argv[2].split(".")]); print V1<=V2' "$1" "$2")" = "True" ]; then __ZYPPER_REQUIRES_REPLACE_FILES=${BS_TRUE} else __ZYPPER_REQUIRES_REPLACE_FILES=${BS_FALSE} @@ -7921,7 +6470,7 @@ install_opensuse_git_deps() { fi # Check for Tumbleweed elif [ "${DISTRO_MAJOR_VERSION}" -ge 20210101 ]; then - __PACKAGES="python3-pip gcc-c++ python3-pyzmq-devel" + __PACKAGES="python3-pip" else __PACKAGES="python-pip python-setuptools gcc" fi @@ -7938,10 +6487,6 @@ install_opensuse_git_deps() { return 0 } -install_opensuse_onedir_deps() { - install_opensuse_stable_deps || return 1 -} - install_opensuse_stable() { __PACKAGES="" @@ -7974,10 +6519,6 @@ install_opensuse_git() { return 0 } -install_opensuse_onedir() { - install_opensuse_stable || return 1 -} - install_opensuse_stable_post() { for fname in api master minion syndic; do # Skip salt-api since the service should be opt-in and not necessarily started on boot @@ -8022,17 +6563,10 @@ install_opensuse_git_post() { use_usr_lib=$BS_TRUE fi - # Account for new path for services files in later releases - if [ -f "${_SALT_GIT_CHECKOUT_DIR}/pkg/common/salt-${fname}.service" ]; then - _SERVICE_DIR="${_SALT_GIT_CHECKOUT_DIR}/pkg/common" - else - _SERVICE_DIR="${_SALT_GIT_CHECKOUT_DIR}/pkg/" - fi - if [ "${use_usr_lib}" -eq $BS_TRUE ]; then - __copyfile "${_SERVICE_DIR}/salt-${fname}.service" "/usr/lib/systemd/system/salt-${fname}.service" + __copyfile "${_SALT_GIT_CHECKOUT_DIR}/pkg/salt-${fname}.service" "/usr/lib/systemd/system/salt-${fname}.service" else - __copyfile "${_SERVICE_DIR}/salt-${fname}.service" "/lib/systemd/system/salt-${fname}.service" + __copyfile "${_SALT_GIT_CHECKOUT_DIR}/pkg/salt-${fname}.service" "/lib/systemd/system/salt-${fname}.service" fi continue @@ -8047,10 +6581,6 @@ install_opensuse_git_post() { return 0 } -install_opensuse_onedir_post() { - install_opensuse_stable_post || return 1 -} - install_opensuse_restart_daemons() { [ $_START_DAEMONS -eq $BS_FALSE ] && return @@ -8210,11 +6740,6 @@ install_opensuse_15_git() { return 0 } -install_opensuse_15_onedir_deps() { - __opensuse_prep_install || return 1 - return 0 -} - # # End of openSUSE Leap 15 # @@ -8244,13 +6769,6 @@ install_suse_15_git_deps() { return 0 } -install_suse_15_onedir_deps() { - __opensuse_prep_install || return 1 - install_opensuse_15_onedir_deps || return 1 - - return 0 -} - install_suse_15_stable() { install_opensuse_stable || return 1 return 0 @@ -8261,11 +6779,6 @@ install_suse_15_git() { return 0 } -install_suse_15_onedir() { - install_opensuse_stable || return 1 - return 0 -} - install_suse_15_stable_post() { install_opensuse_stable_post || return 1 return 0 @@ -8276,11 +6789,6 @@ install_suse_15_git_post() { return 0 } -install_suse_15_onedir_post() { - install_opensuse_stable_post || return 1 - return 0 -} - install_suse_15_restart_daemons() { install_opensuse_restart_daemons || return 1 return 0 @@ -8363,11 +6871,6 @@ install_suse_12_git_deps() { return 0 } -install_suse_12_onedir_deps() { - install_suse_12_stable_deps || return 1 - return 0 -} - install_suse_12_stable() { install_opensuse_stable || return 1 return 0 @@ -8378,11 +6881,6 @@ install_suse_12_git() { return 0 } -install_suse_12_onedir() { - install_opensuse_stable || return 1 - return 0 -} - install_suse_12_stable_post() { install_opensuse_stable_post || return 1 return 0 @@ -8393,11 +6891,6 @@ install_suse_12_git_post() { return 0 } -install_suse_12_onedir_post() { - install_opensuse_stable_post || return 1 - return 0 -} - install_suse_12_restart_daemons() { install_opensuse_restart_daemons || return 1 return 0 @@ -8474,11 +6967,6 @@ install_suse_11_git_deps() { return 0 } -install_suse_11_onedir_deps() { - install_suse_11_stable_deps || return 1 - return 0 -} - install_suse_11_stable() { install_opensuse_stable || return 1 return 0 @@ -8489,11 +6977,6 @@ install_suse_11_git() { return 0 } -install_suse_11_onedir() { - install_opensuse_stable || return 1 - return 0 -} - install_suse_11_stable_post() { install_opensuse_stable_post || return 1 return 0 @@ -8504,11 +6987,6 @@ install_suse_11_git_post() { return 0 } -install_suse_11_onedir_post() { - install_opensuse_stable_post || return 1 - return 0 -} - install_suse_11_restart_daemons() { install_opensuse_restart_daemons || return 1 return 0 @@ -8608,6 +7086,11 @@ __gentoo_pre_dep() { mkdir /etc/portage fi + # Enable Python 3.6 target for pre Neon Salt release + if echo "${STABLE_REV}" | grep -q "2019" || [ "${ITYPE}" = "git" ] && [ "${_POST_NEON_INSTALL}" -eq $BS_FALSE ]; then + EXTRA_PYTHON_TARGET=python3_6 + fi + # Enable Python 3.7 target for Salt Neon using GIT if [ "${ITYPE}" = "git" ] && [ "${GIT_REV}" = "v3000" ]; then EXTRA_PYTHON_TARGET=python3_7 @@ -8703,9 +7186,6 @@ install_gentoo_git_deps() { __emerge ${GENTOO_GIT_PACKAGES} || return 1 fi - echoinfo "Running emerge -v1 setuptools" - __emerge -v1 setuptools || return 1 - __git_clone_and_checkout || return 1 __gentoo_post_dep || return 1 } @@ -8753,11 +7233,6 @@ install_gentoo_git() { return 0 } -install_gentoo_onedir() { - STABLE_REV=${ONEDIR_REV} - install_gentoo_stable || return 1 -} - install_gentoo_post() { for fname in api master minion syndic; do # Skip salt-api since the service should be opt-in and not necessarily started on boot @@ -8793,15 +7268,8 @@ install_gentoo_git_post() { [ $fname = "minion" ] && [ "$_INSTALL_MINION" -eq $BS_FALSE ] && continue [ $fname = "syndic" ] && [ "$_INSTALL_SYNDIC" -eq $BS_FALSE ] && continue - # Account for new path for services files in later releases - if [ -f "${_SALT_GIT_CHECKOUT_DIR}/pkg/common/salt-${fname}.service" ]; then - _SERVICE_DIR="${_SALT_GIT_CHECKOUT_DIR}/pkg/common" - else - _SERVICE_DIR="${_SALT_GIT_CHECKOUT_DIR}/pkg" - fi - if __check_command_exists systemctl ; then - __copyfile "${_SERVICE_DIR}/salt-${fname}.service" "/lib/systemd/system/salt-${fname}.service" + __copyfile "${_SALT_GIT_CHECKOUT_DIR}/pkg/salt-${fname}.service" "/lib/systemd/system/salt-${fname}.service" # Skip salt-api since the service should be opt-in and not necessarily started on boot [ $fname = "api" ] && continue @@ -8847,10 +7315,6 @@ _eof return 0 } -install_gentoo_onedir_post() { - install_gentoo_post || return 1 -} - install_gentoo_restart_daemons() { [ $_START_DAEMONS -eq $BS_FALSE ] && return @@ -9002,46 +7466,7 @@ __macosx_get_packagesite() { fi PKG="salt-${STABLE_REV}-${__PY_VERSION_REPO}-${DARWIN_ARCH}.pkg" - SALTPKGCONFURL="https://${_REPO_URL}/osx/${PKG}" -} - -__parse_repo_json_python() { - - # Using latest, grab the right - # version from the repo.json - _JSON_VERSION=$(python - <<-EOF -import json, urllib.request -url = "https://repo.saltproject.io/salt/py3/macos/repo.json" -response = urllib.request.urlopen(url) -data = json.loads(response.read()) -version = data["${_ONEDIR_REV}"][list(data["${_ONEDIR_REV}"])[0]]['version'] -print(version) -EOF -) -echo "${_JSON_VERSION}" -} - -__macosx_get_packagesite_onedir() { - DARWIN_ARCH="x86_64" - - __PY_VERSION_REPO="py2" - if [ -n "$_PY_EXE" ] && [ "$_PY_MAJOR_VERSION" -eq 3 ]; then - __PY_VERSION_REPO="py3" - fi - - if [ "$(echo "$_ONEDIR_REV" | grep -E '^(latest)$')" != "" ]; then - _PKG_VERSION=$(__parse_repo_json_python) - elif [ "$(echo "$_ONEDIR_REV" | grep -E '^([3-9][0-9]{3}(\.[0-9]*))')" != "" ]; then - _PKG_VERSION=$_ONEDIR_REV - else - _PKG_VERSION=$(__parse_repo_json_python) - fi - if [ "$(echo "$_ONEDIR_REV" | grep -E '^(3005)')" != "" ]; then - PKG="salt-${_PKG_VERSION}-macos-${DARWIN_ARCH}.pkg" - else - PKG="salt-${_PKG_VERSION}-${__PY_VERSION_REPO}-${DARWIN_ARCH}.pkg" - fi - SALTPKGCONFURL="https://${_REPO_URL}/${_ONEDIR_DIR}/${__PY_VERSION_REPO}/macos/${ONEDIR_REV}/${PKG}" + SALTPKGCONFURL="https://repo.saltproject.io/osx/${PKG}" } # Using a separate conf step to head for idempotent install... @@ -9050,21 +7475,11 @@ __configure_macosx_pkg_details() { return 0 } -__configure_macosx_pkg_details_onedir() { - __macosx_get_packagesite_onedir || return 1 - return 0 -} - install_macosx_stable_deps() { __configure_macosx_pkg_details || return 1 return 0 } -install_macosx_onedir_deps() { - __configure_macosx_pkg_details_onedir || return 1 - return 0 -} - install_macosx_git_deps() { install_macosx_stable_deps || return 1 @@ -9111,16 +7526,6 @@ install_macosx_stable() { return 0 } -install_macosx_onedir() { - install_macosx_onedir_deps || return 1 - - __fetch_url "/tmp/${PKG}" "${SALTPKGCONFURL}" || return 1 - - /usr/sbin/installer -pkg "/tmp/${PKG}" -target / || return 1 - - return 0 -} - install_macosx_git() { if [ -n "$_PY_EXE" ]; then @@ -9158,11 +7563,6 @@ install_macosx_stable_post() { return 0 } -install_macosx_onedir_post() { - install_macosx_stable_post || return 1 - return 0 -} - install_macosx_git_post() { install_macosx_stable_post || return 1 return 0 @@ -9171,15 +7571,8 @@ install_macosx_git_post() { install_macosx_restart_daemons() { [ $_START_DAEMONS -eq $BS_FALSE ] && return - if [ "$_INSTALL_MINION" -eq $BS_TRUE ]; then - /bin/launchctl unload -w /Library/LaunchDaemons/com.saltstack.salt.minion.plist || return 1 - /bin/launchctl load -w /Library/LaunchDaemons/com.saltstack.salt.minion.plist || return 1 - fi - - if [ "$_INSTALL_MASTER" -eq $BS_TRUE ]; then - /bin/launchctl unload -w /Library/LaunchDaemons/com.saltstack.salt.master.plist || return 1 - /bin/launchctl load -w /Library/LaunchDaemons/com.saltstack.salt.master.plist || return 1 - fi + /bin/launchctl unload -w /Library/LaunchDaemons/com.saltstack.salt.minion.plist || return 1 + /bin/launchctl load -w /Library/LaunchDaemons/com.saltstack.salt.minion.plist || return 1 return 0 } @@ -9381,43 +7774,6 @@ preseed_master() { # ####################################################################################################################### -####################################################################################################################### -# -# This function checks if all of the installed daemons are running or not. -# -daemons_running_onedir() { - [ "$_START_DAEMONS" -eq $BS_FALSE ] && return 0 - - FAILED_DAEMONS=0 - for fname in api master minion syndic; do - # Skip salt-api since the service should be opt-in and not necessarily started on boot - [ $fname = "api" ] && continue - - # Skip if not meant to be installed - [ $fname = "minion" ] && [ "$_INSTALL_MINION" -eq $BS_FALSE ] && continue - [ $fname = "master" ] && [ "$_INSTALL_MASTER" -eq $BS_FALSE ] && continue - [ $fname = "syndic" ] && [ "$_INSTALL_SYNDIC" -eq $BS_FALSE ] && continue - - if [ -f "/opt/saltstack/salt/run/run" ]; then - salt_path="/opt/saltstack/salt/run/run ${fname}" - else - salt_path="salt-${fname}" - fi - process_running=$(pgrep -f "${salt_path}") - if [ "${process_running}" = "" ]; then - echoerror "${salt_path} was not found running" - FAILED_DAEMONS=$((FAILED_DAEMONS + 1)) - fi - done - - return $FAILED_DAEMONS -} - -# -# Ended daemons running check function -# -####################################################################################################################### - ####################################################################################################################### # # This function checks if all of the installed daemons are running or not. @@ -9518,7 +7874,6 @@ echodebug "PRESEED_MASTER_FUNC=${PRESEED_MASTER_FUNC}" INSTALL_FUNC_NAMES="install_${DISTRO_NAME_L}${PREFIXED_DISTRO_MAJOR_VERSION}_${ITYPE}" INSTALL_FUNC_NAMES="$INSTALL_FUNC_NAMES install_${DISTRO_NAME_L}${PREFIXED_DISTRO_MAJOR_VERSION}${PREFIXED_DISTRO_MINOR_VERSION}_${ITYPE}" INSTALL_FUNC_NAMES="$INSTALL_FUNC_NAMES install_${DISTRO_NAME_L}_${ITYPE}" -echodebug "INSTALL_FUNC_NAMES=${INSTALL_FUNC_NAMES}" INSTALL_FUNC="null" for FUNC_NAME in $(__strip_duplicates "$INSTALL_FUNC_NAMES"); do @@ -9570,7 +7925,6 @@ DAEMONS_RUNNING_FUNC_NAMES="$DAEMONS_RUNNING_FUNC_NAMES daemons_running_${DISTRO DAEMONS_RUNNING_FUNC_NAMES="$DAEMONS_RUNNING_FUNC_NAMES daemons_running_${DISTRO_NAME_L}${PREFIXED_DISTRO_MAJOR_VERSION}${PREFIXED_DISTRO_MINOR_VERSION}" DAEMONS_RUNNING_FUNC_NAMES="$DAEMONS_RUNNING_FUNC_NAMES daemons_running_${DISTRO_NAME_L}_${ITYPE}" DAEMONS_RUNNING_FUNC_NAMES="$DAEMONS_RUNNING_FUNC_NAMES daemons_running_${DISTRO_NAME_L}" -DAEMONS_RUNNING_FUNC_NAMES="$DAEMONS_RUNNING_FUNC_NAMES daemons_running_${ITYPE}" DAEMONS_RUNNING_FUNC_NAMES="$DAEMONS_RUNNING_FUNC_NAMES daemons_running" DAEMONS_RUNNING_FUNC="null" @@ -9760,11 +8114,6 @@ if [ "$DAEMONS_RUNNING_FUNC" != "null" ] && [ ${_START_DAEMONS} -eq $BS_TRUE ]; fi fi -if [ "$_AUTO_ACCEPT_MINION_KEYS" -eq "$BS_TRUE" ]; then - echoinfo "Accepting the Salt Minion Keys" - salt-key -yA -fi - # Done! if [ "$_CONFIG_ONLY" -eq $BS_FALSE ]; then echoinfo "Salt installed!" @@ -9772,13 +8121,6 @@ else echoinfo "Salt configured!" fi -if [ "$_QUICK_START" -eq "$BS_TRUE" ]; then - echoinfo "Congratulations!" - echoinfo "A couple of commands to try:" - echoinfo " salt \* test.ping" - echoinfo " salt \* test.version" -fi - exit 0 # vim: set sts=4 ts=4 et diff --git a/setup/so-functions b/setup/so-functions index b64daaa92..1c9b0f43d 100755 --- a/setup/so-functions +++ b/setup/so-functions @@ -1258,7 +1258,7 @@ generate_ssl() { # if the install type is a manager then we need to wait for the minion to be ready before trying # to run the ssl state since we need the minion to sign the certs if [[ "$install_type" =~ ^(EVAL|MANAGER|MANAGERSEARCH|STANDALONE|IMPORT|HELIXSENSOR)$ ]]; then - wait_for_salt_minion "$MINION_ID" "5" "$setup_log" || fail_setup + wait_for_salt_minion fi info "Applying SSL state" logCmd "salt-call state.apply ssl -l info" @@ -1972,7 +1972,6 @@ securityonion_repo() { } repo_sync_local() { - SALTVERSION=$(egrep 'version: [0-9]{4}' ../salt/salt/master.defaults.yaml | sed 's/^.*version: //') info "Repo Sync" if [[ $is_supported ]]; then # Sync the repo from the the SO repo locally. @@ -2022,7 +2021,7 @@ repo_sync_local() { curl -fsSL https://repo.securityonion.net/file/so-repo/prod/2.4/so/so.repo | tee /etc/yum.repos.d/so.repo rpm --import https://repo.saltproject.io/salt/py3/redhat/9/x86_64/SALT-PROJECT-GPG-PUBKEY-2023.pub dnf config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo - curl -fsSL "https://repo.saltproject.io/salt/py3/redhat/9/x86_64/minor/$SALTVERSION.repo" | tee /etc/yum.repos.d/salt.repo + curl -fsSL https://repo.saltproject.io/salt/py3/redhat/9/x86_64/minor/3006.1.repo | tee /etc/yum.repos.d/salt.repo dnf repolist curl --retry 5 --retry-delay 60 -A "netinstall/$SOVERSION/$OS/$(uname -r)/1" https://sigs.securityonion.net/checkup --output /tmp/install else