diff --git a/bin/packer.py b/bin/packer.py index d13d04b9..aff6666c 100755 --- a/bin/packer.py +++ b/bin/packer.py @@ -102,9 +102,9 @@ def contains(x, ys): images = response['Images'] #images = [i for i in images if contains(i['Name'], ('hvm-ssd', '14.04', 'server'))] - images = [i for i in images if contains(i['Name'], ('hvm-ssd', '20.04', 'server'))] - images = [i for i in images if not contains(i['Name'], ('ubuntu-eks'))] - images = [i for i in images if not contains(i['Name'], ('ubuntu-pro-server'))] + images = [i for i in images if contains(i['Name'], ['hvm-ssd', '22.04', 'server'])] + images = [i for i in images if not contains(i['Name'], ['ubuntu-eks'])] + images = [i for i in images if not contains(i['Name'], ['ubuntu-pro-server'])] images.sort(key=lambda x: x["CreationDate"], reverse=True) if len(images) == 0: diff --git a/cloud_formation/configs/activities.py b/cloud_formation/configs/activities.py index 4966fe31..eb6572bb 100644 --- a/cloud_formation/configs/activities.py +++ b/cloud_formation/configs/activities.py @@ -152,7 +152,7 @@ def create_config(bosslet_config, lookup=True): const.INGEST_LAMBDA, handler="index.handler", timeout=60 * 5, - runtime='python3.7', + runtime='python3.11', memory=3008) config.add_lambda_permission("IngestLambdaExecute", Ref("IngestLambda")) @@ -189,7 +189,7 @@ def create_config(bosslet_config, lookup=True): lambda_role, const.DOWNSAMPLE_DLQ_LAMBDA, handler='index.handler', - runtime='python3.7', + runtime='python3.11', timeout=10) config.add_lambda_permission('DownsampleDLQLambdaExecute', diff --git a/cloud_formation/configs/api.py b/cloud_formation/configs/api.py index d09e1146..1a551f57 100644 --- a/cloud_formation/configs/api.py +++ b/cloud_formation/configs/api.py @@ -43,11 +43,13 @@ from lib import utils from lib import constants as const + import json import uuid from urllib.request import Request, urlopen from urllib.parse import urlencode from urllib.error import HTTPError +from pprint import pprint def create_config(bosslet_config, db_config={}): names = bosslet_config.names @@ -226,6 +228,7 @@ def create_config(bosslet_config, db_config={}): db_config.get("user"), db_config.get("password"), internal_subnets, + rds_engine_version=bosslet_config.RDS_ENGINE_VERSION, type_ = const.RDS_TYPE, security_groups=[sgs[names.internal.sg]]) @@ -312,7 +315,8 @@ def create(bosslet_config): raise # Outside the try/except so it can be run again if there is an error - post_init(bosslet_config) + # post_init(bosslet_config) + def post_init(bosslet_config): call = bosslet_config.call @@ -330,9 +334,15 @@ def post_init(bosslet_config): bossadmin = vault.read("secret/auth/realm") auth_uri = vault.read("secret/endpoint/auth")['url'] + # TODO Remove this debug statement + print(f"debug: {creds}\n{bossadmin}\n{auth_uri}") + # Verify Keycloak is accessible print("Checking for Keycloak availability") call.check_keycloak(const.TIMEOUT_KEYCLOAK) + print("Finished checking Keycloak availability") + pprint(names.auth) + pprint(names.auth.dns) # Add the API servers to the list of OIDC valid redirects with call.tunnel(names.auth.dns, 8080) as auth_port: @@ -340,7 +350,9 @@ def post_init(bosslet_config): auth_url = "http://localhost:{}".format(auth_port) with KeyCloakClient(auth_url, **creds) as kc: # DP TODO: make add_redirect_uri able to work multiple times without issue + print("debug: about to add redirect URI") kc.add_redirect_uri("BOSS","endpoint", uri + "/*") + print("debug: finished adding redirect URI") # Get the boss admin's bearer token headers = { diff --git a/cloud_formation/configs/cloudwatch.py b/cloud_formation/configs/cloudwatch.py index e8ae8d37..34b1317b 100644 --- a/cloud_formation/configs/cloudwatch.py +++ b/cloud_formation/configs/cloudwatch.py @@ -70,7 +70,7 @@ def create_config(bosslet_config): security_groups=[internal_sg], subnets=lambda_subnets, handler='index.lambda_handler', - runtime='python3.7', + runtime='python3.11', file=const.VAULT_LAMBDA) # Lambda input data diff --git a/cloud_formation/configs/core.py b/cloud_formation/configs/core.py index 972d2aff..4720ce05 100644 --- a/cloud_formation/configs/core.py +++ b/cloud_formation/configs/core.py @@ -112,8 +112,8 @@ def create_config(bosslet_config): aws.role_arn_lookup(session, 'DeleteENI'), const.DELETE_ENI_LAMBDA, handler="index.handler", - timeout=180, # 3 minutes, so that there is enough time to wait for the ENI detach to complete - runtime='python3.7') # If the lambda times out CF will retry a couple of times + timeout=180, # 3 minutes, so that there is enough time to wait for the ENI detach to complete + runtime='python3.11') # If the lambda times out CF will retry a couple of times user_data = const.BASTION_USER_DATA.format(bosslet_config.NETWORK) config.add_ec2_instance("Bastion", @@ -202,6 +202,7 @@ def create_config(bosslet_config): "keycloak", "keycloak", internal_subnets, + bosslet_config.RDS_ENGINE_VERSION, type_=const.RDS_AUTH_TYPE, security_groups=[Ref("InternalSecurityGroup")]) @@ -212,7 +213,7 @@ def create_config(bosslet_config): const.DNS_LAMBDA, handler="index.handler", timeout=10, - runtime='python3.7', + runtime='python3.11', depends_on="DNSZone") config.add_lambda_permission("DNSLambdaExecute", Ref("DNSLambda")) @@ -305,7 +306,9 @@ def create(bosslet_config): vpc_id = aws.vpc_id_lookup(session, domain) aws.rt_name_default(session, vpc_id, "default." + domain) - post_init(bosslet_config) + # TODO Sandy, put this back after debugging + # post_init(bosslet_config) + def post_init(bosslet_config): @@ -334,11 +337,11 @@ def post_init(bosslet_config): except Exception as ex: raise BossManageError("Problem initializing Vault: {}".format(str(ex))) - #Check and see if these secrets already exist before we overwrite them with new ones. + # Check and see if these secrets already exist before we overwrite them with new ones. # Write data into Vault auth_data = vault.read(const.VAULT_AUTH) if not auth_data or 'password' not in auth_data: - print("Writing {}".format(const.VAULT_AUTH)) + print("Writing {} to vault".format(const.VAULT_AUTH)) vault.write(const.VAULT_AUTH, password = password, username = username, client_id = "admin-cli") else: password = auth_data['password'] @@ -356,7 +359,7 @@ def post_init(bosslet_config): realm_data = vault.read(const.VAULT_REALM) if not realm_data or 'password' not in realm_data: - print("Writing {}".format(const.VAULT_REALM)) + print("Writing {} to vault".format(const.VAULT_REALM)) vault.write(const.VAULT_REALM, username = realm_username, password = realm_password, client_id = "endpoint") else: realm_password = realm_data['password'] @@ -386,14 +389,16 @@ def post_init(bosslet_config): ## Also need to guard the writes to vault with the admin password ####### + # Sandy TODO: Uncomment this after test on 1/14/2025 with call.ssh(names.auth.dns) as ssh: print("Creating initial Keycloak admin user") # This fails if the user already exists, but execution will continue. ssh("/srv/keycloak/bin/add-user-keycloak.sh -r master -u {} -p {}".format(username, password)) - time.sleep(10) + time.sleep(5) + print("Calling Keycloak jboss to reload Keycloak") ssh("/srv/keycloak/bin/jboss-cli.sh --connect reload") - time.sleep(3) + time.sleep(20) print("Waiting for Keycloak to restart") call.check_keycloak(const.TIMEOUT_KEYCLOAK) @@ -421,6 +426,7 @@ def post_init(bosslet_config): except Exception as ex: print('Failed to upload Boss.realm config. Does it already exist? Error message: {}'.format(ex)) + def update(bosslet_config): # Checks to make sure they update can happen and the user wants to wait the required time if not bosslet_config.AUTH_RDS: diff --git a/cloud_formation/lambda/cache_throttle/lambda.yml b/cloud_formation/lambda/cache_throttle/lambda.yml index 087e1747..ed6e4567 100755 --- a/cloud_formation/lambda/cache_throttle/lambda.yml +++ b/cloud_formation/lambda/cache_throttle/lambda.yml @@ -1,4 +1,4 @@ name: cache_throttle -runtime: python3.7 +runtime: python3.11 python_packages: - requirements.txt diff --git a/cloud_formation/lambda/multi_lambda/lambda.yml b/cloud_formation/lambda/multi_lambda/lambda.yml index ecfcd092..828a68ae 100644 --- a/cloud_formation/lambda/multi_lambda/lambda.yml +++ b/cloud_formation/lambda/multi_lambda/lambda.yml @@ -1,5 +1,5 @@ name: multilambda -runtime: python3.7 +runtime: python3.11 include: # DP NOTE: The spdb, bossutils (boss-tools), and heaviside repositories # are copied into repos/ where pip can install them from diff --git a/docs/InstallGuide.md b/docs/InstallGuide.md index 5e0596ab..bb749ae0 100644 --- a/docs/InstallGuide.md +++ b/docs/InstallGuide.md @@ -13,8 +13,18 @@ from the root directory of the cloned boss-manage.git repository.* ### Workstation You will need a machine installed with the following software packages: -* Python 3.8 or later +* Python 3.11 - The Boss Manage software can be run within `venv`, `virtualenv`, or `virtualenvwrapper` + - pip may need to be manually installed for Python 3.11 + - $ pip install --upgrade setuptools + - $ python3 -m ensurepip --upgrade + - $ python3 -m pip install --user virtualenv virtualenvwrapper + - # if already present + - $ pip install --upgrade virtualenv virtualenvwrapper + - # you may need to run + - $ virtualenv --upgrade-embed-wheels + - + - * Packer 1.8.x ([download](https://www.packer.io/)) (add it to your path or in the `boss-manage.git/bin/` directory) * Docker Desktop ([download](https://docs.docker.com/desktop/release-notes/)) - Contact your department software representative to get a license @@ -54,6 +64,7 @@ To install the Python packages needed for boss-manage to work, run ```shell pip install -r requirements.txt +pip install -r heaviside-requirements.txt ``` ## Setup AWS Account @@ -91,7 +102,7 @@ Success looks like this: Failure like this ==> Builds finished but no artifacts were created. -It can beneficial to check the logs before all the AMIs are completed, +It can be beneficial to check the logs before all the AMIs are completed, when issues do occur, they frequently fail early. Discovering this allows you to relauch packer.py in another terminal for the failed AMIs, saving time overall. diff --git a/lib/cloudformation.py b/lib/cloudformation.py index e9fa3093..5c470f73 100644 --- a/lib/cloudformation.py +++ b/lib/cloudformation.py @@ -978,7 +978,7 @@ def add_nat(self, key, subnet, depends_on=None): } } - def add_ec2_instance(self, key, hostname, ami, keypair, subnet=Ref("Subnet"), type_="t2.micro", iface_check=True, public_ip=False, security_groups=None, user_data=None, meta_data=None, role=None, depends_on=None): + def add_ec2_instance(self, key, hostname, ami, keypair, subnet=Ref("Subnet"), type_="t3.micro", iface_check=True, public_ip=False, security_groups=None, user_data=None, meta_data=None, role=None, depends_on=None): """Add an EC2 instance to the configuration Args: @@ -1046,7 +1046,7 @@ def add_ec2_instance(self, key, hostname, ami, keypair, subnet=Ref("Subnet"), ty self.keypairs[hostname] = keypair self._add_record_cname(key, hostname, ec2 = True) - def add_rds_db(self, key, hostname, port, db_name, username, password, subnets, type_="db.t2.micro", storage="5", security_groups=None): + def add_rds_db(self, key, hostname, port, db_name, username, password, subnets, rds_engine_version="8.0.40", type_="db.t2.micro", storage="5", security_groups=None): """Add an RDS DB instance to the configuration Args: @@ -1058,6 +1058,7 @@ def add_rds_db(self, key, hostname, port, db_name, username, password, subnets, password (str) : The (plaintext) password for the master username subnets (list) : A list of Subnet IDs or Refs across which to create a DB SubnetGroup for the DB Instance to launch into + rds_engine_version (str) : Engine Version of the RDS Database type_ (str) : The RDS instance type to create storage (int|string) : The storage size of the database (in GB) security_groups (None|list) : A list of SecurityGroup IDs or Refs @@ -1070,7 +1071,7 @@ def add_rds_db(self, key, hostname, port, db_name, username, password, subnets, "Properties" : { "Engine" : "mysql", "LicenseModel" : "general-public-license", - "EngineVersion" : "5.7.39", # was 5.6.48 + "EngineVersion" : rds_engine_version, "DBInstanceClass" : type_, "MultiAZ" : "true", "StorageType" : "standard", @@ -1946,7 +1947,7 @@ def append_s3_bucket_policy(self, key, bucket_name, action, principal, bucket_on }) - def add_lambda(self, key, name, role, file=None, handler=None, s3=None, description="", memory=128, timeout=3, security_groups=None, subnets=None, depends_on=None, runtime="python3.7", reserved_executions=None, dlq=None, layers=None): + def add_lambda(self, key, name, role, file=None, handler=None, s3=None, description="", memory=128, timeout=3, security_groups=None, subnets=None, depends_on=None, runtime="python3.11", reserved_executions=None, dlq=None, layers=None): """Create a Python Lambda Args: diff --git a/lib/configuration.py b/lib/configuration.py index a11f3d88..e98901ce 100644 --- a/lib/configuration.py +++ b/lib/configuration.py @@ -57,6 +57,7 @@ class BossConfiguration(object): 'SCENARIO', # Optional, no default 'VERIFY_SSL', # Optional 'AUTH_RDS', + 'RDS_ENGINE_VERSION', # Optional 'LAMBDA_BUCKET', 'LAMBDA_SERVER', 'LAMBDA_SERVER_KEY', @@ -96,6 +97,7 @@ class BossConfiguration(object): 'SLACK_WEBHOOK_HOST': 'hooks.slack.com', 'SLACK_WEBHOOK_PATH_DYNAMODB_AUTOSCALE': None, 'DYNAMODB_AUTOSCALE_PROVISIONER': 'BossDefaultProvisioners', + 'RDS_ENGINE_VERSION': "8.0.35" } def __init__(self, bosslet, **kwargs): diff --git a/lib/constants.py b/lib/constants.py index b984f44a..41c2d1fd 100644 --- a/lib/constants.py +++ b/lib/constants.py @@ -108,7 +108,7 @@ def repo_path(*args): ######################## # Service Check Timeouts TIMEOUT_VAULT = 120 -TIMEOUT_KEYCLOAK = 150 +TIMEOUT_KEYCLOAK = 180 AUTH_HEALTH_CHECK_GRACE_PERIOD = 160 diff --git a/lib/external.py b/lib/external.py index c2128f87..ca9fb2a4 100644 --- a/lib/external.py +++ b/lib/external.py @@ -26,6 +26,7 @@ from .exceptions import SSHError from .names import AWSNames + def gen_timeout(total, step): """Break the total timeout value into steps that are a specific size. @@ -44,6 +45,7 @@ def gen_timeout(total, step): rtn.insert(0, remainder) # Sleep for the partial time first return rtn + class ExternalCalls: """Class that helps with forming connections from the local machine to machines within a VPC through the VPC's bastion machine. @@ -231,7 +233,6 @@ def check_vault(self, timeout, exception=True): print("Error establishing SSH tunnel to Vault, waiting") time.sleep(error_sleep) - def check_keycloak(self, timeout, exception=True): """Keycloak status check to see if Keycloak is accessible """ diff --git a/lib/heaviside.git b/lib/heaviside.git index 51536f9e..274ffa5d 160000 --- a/lib/heaviside.git +++ b/lib/heaviside.git @@ -1 +1 @@ -Subproject commit 51536f9ee5989c5535028ece3f3ac13190d8e5c3 +Subproject commit 274ffa5ddb2ddb558645b9d10e132bb69779f6f3 diff --git a/lib/keycloak.py b/lib/keycloak.py index a56eefcd..bc0e4054 100644 --- a/lib/keycloak.py +++ b/lib/keycloak.py @@ -14,6 +14,8 @@ import json import ssl +from pprint import pprint + from urllib.request import Request, urlopen from urllib.parse import urlencode from urllib.error import HTTPError @@ -122,6 +124,10 @@ def login(self, username=None, password=None, client_id=None): if client_id is None: raise Exception("No client_id set") + print(f"username: '{username}'") + print(f"password: '{password}'") + print(f"client_id: '{client_id}'") + self.token = self.request( "/auth/realms/master/protocol/openid-connect/token", params={ @@ -136,8 +142,12 @@ def login(self, username=None, password=None, client_id=None): ) if self.token is None: - #print("Could not authenticate to KeyCloak Server") + print("Could not authenticate to KeyCloak Server.") raise exceptions.KeyCloakLoginError(self.url_base, username) + else: + # TODO SH After Debug remove these if appropriate + print("Keycloak token received after login.") + pprint(self.token) return self # DP NOTE: So context manager works correctly @@ -150,7 +160,7 @@ def logout(self): if self.token is None: return - self.request( # no response + logout_response = self.request( # no response "/auth/realms/master/protocol/openid-connect/logout", params={ "refresh_token": self.token["refresh_token"], @@ -161,11 +171,16 @@ def logout(self): } ) + # TODO SH Delete debug statements + print("response from keycloak logout") + pprint(logout_response) + self.token = None def __enter__(self): """The start of the context manager, which handles automatically calling logout.""" if self.token is None: + print("Keycloak token is none, logging into keycloak") self.login() return self diff --git a/packer/vm.pkr.hcl b/packer/vm.pkr.hcl index 824d5bdd..29300eb9 100644 --- a/packer/vm.pkr.hcl +++ b/packer/vm.pkr.hcl @@ -98,7 +98,7 @@ build { # Update the hostname in /etc/hosts, /etc/hostname, and in memory # Install cURL so that salt-masterless can bootstrap Salt inline = ["sudo apt-get update", - "sudo apt-get -y install curl"] + "sudo apt-get -y install curl python3-pip"] } provisioner "file" { @@ -114,8 +114,8 @@ build { provisioner "shell" { inline = ["sudo tar -C /srv -xf /tmp/salt_files.tar.gz", "sudo chmod +x /tmp/bootstrap-salt.sh", - "echo sudo /tmp/bootstrap-salt.sh -i ${var.name} stable 3004", - "sudo /tmp/bootstrap-salt.sh -i ${var.name} stable 3004", + "echo sudo /tmp/bootstrap-salt.sh -i ${var.name} stable 3006", + "sudo /tmp/bootstrap-salt.sh -i ${var.name} stable 3006", "echo sudo salt-call --local state.highstate --file-root=/srv/salt --pillar-root=/srv/pillar --id=${var.name}", "sudo salt-call --local state.highstate --file-root=/srv/salt --pillar-root=/srv/pillar --id=${var.name}", "echo deleting temp files from /tmp", diff --git a/salt_stack/salt-bootstrap/bootstrap-salt.sh b/salt_stack/salt-bootstrap/bootstrap-salt.sh index 735e9919..9a8c97ca 100644 --- a/salt_stack/salt-bootstrap/bootstrap-salt.sh +++ b/salt_stack/salt-bootstrap/bootstrap-salt.sh @@ -1,9 +1,12 @@ -#!/bin/sh - +#!/bin/sh # WARNING: Changes to this file in the salt repo will be overwritten! # Please submit pull requests against the salt-bootstrap repo: # https://github.com/saltstack/salt-bootstrap - +# shellcheck disable=SC2317 +# shellcheck disable=SC2086 +# shellcheck disable=SC2329 +# #====================================================================================================================== # vim: softtabstop=4 shiftwidth=4 expandtab fenc=utf-8 spell spelllang=en cc=120 #====================================================================================================================== @@ -14,7 +17,7 @@ # # BUGS: https://github.com/saltstack/salt-bootstrap/issues # -# COPYRIGHT: (c) 2012-2022 by the SaltStack Team, see AUTHORS.rst for more +# COPYRIGHT: (c) 2012-2024 by the SaltStack Team, see AUTHORS.rst for more # details. # # LICENSE: Apache 2.0 @@ -23,7 +26,7 @@ #====================================================================================================================== set -o nounset # Treat unset variables as an error -__ScriptVersion="2022.08.13" +__ScriptVersion="2024.11.29" __ScriptName="bootstrap-salt.sh" __ScriptFullName="$0" @@ -121,16 +124,35 @@ __check_command_exists() { command -v "$1" > /dev/null 2>&1 } +#--- FUNCTION ------------------------------------------------------------------------------------------------------- +# NAME: __check_services_systemd_functional +# DESCRIPTION: Set _SYSTEMD_FUNCTIONAL = BS_TRUE or BS_FALSE case where systemd is functional (for example: container may not have systemd) +#---------------------------------------------------------------------------------------------------------------------- +__check_services_systemd_functional() { + + # check if systemd is functional, having systemctl present is insufficient + + if [ "$_SYSTEMD_FUNCTIONAL" -eq $BS_FALSE ]; then + # already determined systemd is not functional, default is 1 + return + fi + + if __check_command_exists systemctl; then + # shellcheck disable=SC2034 + _SYSTEMD_HELP="$(systemctl --help)" + else + _SYSTEMD_FUNCTIONAL=$BS_FALSE + echoerror "systemctl: command not found, assume systemd not implemented, _SYSTEMD_FUNCTIONAL $_SYSTEMD_FUNCTIONAL" + fi +} # ---------- end of function __check_services_systemd_functional ---------- + #--- FUNCTION ------------------------------------------------------------------------------------------------------- # NAME: __check_pip_allowed # DESCRIPTION: Simple function to let the users know that -P needs to be used. #---------------------------------------------------------------------------------------------------------------------- __check_pip_allowed() { - if [ $# -eq 1 ]; then - _PIP_ALLOWED_ERROR_MSG=$1 - else - _PIP_ALLOWED_ERROR_MSG="pip based installations were not allowed. Retry using '-P'" - fi + + _PIP_ALLOWED_ERROR_MSG="pip based installations were not allowed. Retry using '-P'" if [ "$_PIP_ALLOWED" -eq $BS_FALSE ]; then echoerror "$_PIP_ALLOWED_ERROR_MSG" @@ -199,6 +221,7 @@ __check_config_dir() { # DESCRIPTION: Checks the placed after the install arguments #---------------------------------------------------------------------------------------------------------------------- __check_unparsed_options() { + shellopts="$1" # grep alternative for SunOS if [ -f /usr/xpg4/bin/grep ]; then @@ -224,11 +247,11 @@ _KEEP_TEMP_FILES=${BS_KEEP_TEMP_FILES:-$BS_FALSE} _TEMP_CONFIG_DIR="null" _SALTSTACK_REPO_URL="https://github.com/saltstack/salt.git" _SALT_REPO_URL=${_SALTSTACK_REPO_URL} -_DOWNSTREAM_PKG_REPO=$BS_FALSE _TEMP_KEYS_DIR="null" _SLEEP="${__DEFAULT_SLEEP}" _INSTALL_MASTER=$BS_FALSE _INSTALL_SYNDIC=$BS_FALSE +_INSTALL_SALT_API=$BS_FALSE _INSTALL_MINION=$BS_TRUE _INSTALL_CLOUD=$BS_FALSE _VIRTUALENV_DIR=${BS_VIRTUALENV_DIR:-"null"} @@ -267,15 +290,16 @@ _CUSTOM_REPO_URL="null" _CUSTOM_MASTER_CONFIG="null" _CUSTOM_MINION_CONFIG="null" _QUIET_GIT_INSTALLATION=$BS_FALSE -_REPO_URL="repo.saltproject.io" -_ONEDIR_DIR="salt" +_REPO_URL="packages.broadcom.com/artifactory" _PY_EXE="python3" -_INSTALL_PY="$BS_FALSE" -_TORNADO_MAX_PY3_VERSION="5.0" -_POST_NEON_INSTALL=$BS_FALSE _MINIMUM_PIP_VERSION="9.0.1" -_MINIMUM_SETUPTOOLS_VERSION="9.1" -_POST_NEON_PIP_INSTALL_ARGS="--prefix=/usr" +_MINIMUM_SETUPTOOLS_VERSION="65.6.3" +_MAXIMUM_SETUPTOOLS_VERSION="69.0" +_PIP_INSTALL_ARGS="--prefix=/usr" +_PIP_DOWNLOAD_ARGS="" +_QUICK_START="$BS_FALSE" +_AUTO_ACCEPT_MINION_KEYS="$BS_FALSE" +_SYSTEMD_FUNCTIONAL=$BS_TRUE # Defaults for install arguments ITYPE="stable" @@ -294,9 +318,9 @@ __usage() { - stable Install latest stable release. This is the default install type - stable [branch] Install latest version on a branch. Only supported - for packages available at repo.saltproject.io + for packages available at packages.broadcom.com - stable [version] Install a specific version. Only supported for - packages available at repo.saltproject.io + packages available at packages.broadcom.com To pin a 3xxx minor version, specify it as 3xxx.0 - testing RHEL-family specific: configure EPEL testing repo - git Install from the head of the master branch @@ -304,26 +328,29 @@ __usage() { commit) - onedir Install latest onedir release. - onedir [version] Install a specific version. Only supported for - onedir packages available at repo.saltproject.io + onedir packages available at packages.broadcom.com - onedir_rc Install latest onedir RC release. - onedir_rc [version] Install a specific version. Only supported for - onedir RC packages available at repo.saltproject.io + onedir RC packages available at packages.broadcom.com Examples: - ${__ScriptName} - ${__ScriptName} stable - - ${__ScriptName} stable 2017.7 - - ${__ScriptName} stable 2017.7.2 + - ${__ScriptName} stable 3006 + - ${__ScriptName} stable 3006.1 - ${__ScriptName} testing - ${__ScriptName} git - - ${__ScriptName} git 2017.7 - - ${__ScriptName} git v2017.7.2 + - ${__ScriptName} git 3006.7 + - ${__ScriptName} git v3006.8 + - ${__ScriptName} git 3007.1 + - ${__ScriptName} git v3007.1 - ${__ScriptName} git 06f249901a2e2f1ed310d58ea3921a129f214358 - ${__ScriptName} onedir - - ${__ScriptName} onedir 3005 + - ${__ScriptName} onedir 3006 - ${__ScriptName} onedir_rc - - ${__ScriptName} onedir_rc 3005 + - ${__ScriptName} onedir_rc 3008 + Options: -a Pip install all Python pkg dependencies for Salt. Requires -V to install @@ -336,7 +363,7 @@ __usage() { step. -c Temporary configuration directory -C Only run the configuration function. Implies -F (forced overwrite). - To overwrite Master or Syndic configs, -M or -S, respectively, must + To overwrite Master, Syndic or Api configs, -M,-S or -W, respectively, must also be specified. Salt installation will be ommitted, but some of the dependencies could be installed to write configuration with -j or -J. -d Disables checking if Salt services are enabled to start on system boot. @@ -384,11 +411,13 @@ __usage() { resort method. NOTE: This only works for functions which actually implement pip based installations. -q Quiet salt installation from git (setup.py install -q) + -Q Quickstart, install the Salt master and the Salt minion. + And automatically accept the minion key. -R Specify a custom repository URL. Assumes the custom repository URL points to a repository that mirrors Salt packages located at - repo.saltproject.io. The option passed with -R replaces the - "repo.saltproject.io". If -R is passed, -r is also set. Currently only - works on CentOS/RHEL and Debian based distributions. + packages.broadcom.com. The option passed with -R replaces the + "packages.broadcom.com". If -R is passed, -r is also set. Currently only + works on CentOS/RHEL and Debian based distributions and macOS. -s Sleep time used when waiting for daemons to start, restart and when checking for the services running. Default: ${__DEFAULT_SLEEP} -S Also install salt-syndic @@ -399,26 +428,15 @@ __usage() { -v Display script version -V Install Salt into virtualenv (only available for Ubuntu based distributions) - -w Install packages from downstream package repository rather than - upstream, saltstack package repository. This is currently only - implemented for SUSE. - -x Changes the Python version used to install Salt. - For CentOS 6 git installations python2.7 is supported. - Fedora git installation, CentOS 7, Debian 9, Ubuntu 16.04 and 18.04 support python3. + -W Also install salt-api + -x Changes the Python version used to install Salt (default: Python 3). + Python 2.7 is no longer supported. -X Do not start daemons after installation - -y Installs a different python version on host. Currently this has only been - tested with CentOS 6 and is considered experimental. This will install the - ius repo on the box if disable repo is false. This must be used in conjunction - with -x . For example: - sh bootstrap.sh -P -y -x python2.7 git v2017.7.2 - The above will install python27 and install the git version of salt using the - python2.7 executable. This only works for git and pip installations. EOT } # ---------- end of function __usage ---------- - -while getopts ':hvnDc:g:Gyx:wk:s:MSNXCPFUKIA:i:Lp:dH:bflV:J:j:rR:aq' opt +while getopts ':hvnDc:g:Gx:k:s:MSWNXCPFUKIA:i:Lp:dH:bflV:J:j:rR:aqQ' opt do case "${opt}" in @@ -434,11 +452,11 @@ do echowarn "No need to provide this option anymore, now it is a default behavior." ;; - w ) _DOWNSTREAM_PKG_REPO=$BS_TRUE ;; k ) _TEMP_KEYS_DIR="$OPTARG" ;; s ) _SLEEP=$OPTARG ;; M ) _INSTALL_MASTER=$BS_TRUE ;; S ) _INSTALL_SYNDIC=$BS_TRUE ;; + W ) _INSTALL_SALT_API=$BS_TRUE ;; N ) _INSTALL_MINION=$BS_FALSE ;; X ) _START_DAEMONS=$BS_FALSE ;; C ) _CONFIG_ONLY=$BS_TRUE ;; @@ -463,8 +481,8 @@ do J ) _CUSTOM_MASTER_CONFIG=$OPTARG ;; j ) _CUSTOM_MINION_CONFIG=$OPTARG ;; q ) _QUIET_GIT_INSTALLATION=$BS_TRUE ;; + Q ) _QUICK_START=$BS_TRUE ;; x ) _PY_EXE="$OPTARG" ;; - y ) _INSTALL_PY="$BS_TRUE" ;; \?) echo echoerror "Option does not exist : $OPTARG" @@ -476,7 +494,6 @@ do done shift $((OPTIND-1)) - # Define our logging file and pipe paths LOGFILE="/tmp/$( echo "$__ScriptName" | sed s/.sh/.log/g )" LOGPIPE="/tmp/$( echo "$__ScriptName" | sed s/.sh/.logpipe/g )" @@ -527,8 +544,8 @@ __exit_cleanup() { echodebug "Cleaning up the Salt Temporary Git Repository" # shellcheck disable=SC2164 cd "${__SALT_GIT_CHECKOUT_PARENT_DIR}" - rm -rf "${_SALT_GIT_CHECKOUT_DIR}" - #rm -rf "${_SALT_GIT_CHECKOUT_DIR}/deps" + rm -fR "${_SALT_GIT_CHECKOUT_DIR}" + #rm -fR "${_SALT_GIT_CHECKOUT_DIR}/deps" else echowarn "Not cleaning up the Salt Temporary git repository on request" echowarn "Note that if you intend to re-run this script using the git approach, you might encounter some issues" @@ -585,6 +602,15 @@ echoinfo "Running version: ${__ScriptVersion}" echoinfo "Executed by: ${CALLER}" echoinfo "Command line: '${__ScriptFullName} ${__ScriptArgs}'" +# Defaults +STABLE_REV="latest" +ONEDIR_REV="latest" +_ONEDIR_REV="latest" +YUM_REPO_FILE="/etc/yum.repos.d/salt.repo" + +# check if systemd is functional +__check_services_systemd_functional + # Define installation type if [ "$#" -gt 0 ];then __check_unparsed_options "$*" @@ -593,13 +619,24 @@ if [ "$#" -gt 0 ];then fi # Check installation type -if [ "$(echo "$ITYPE" | grep -E '(stable|testing|git|onedir|onedir_rc)')" = "" ]; then +if [ "$(echo "$ITYPE" | grep -E '(latest|default|stable|testing|git|onedir|onedir_rc)')" = "" ]; then echoerror "Installation type \"$ITYPE\" is not known..." exit 1 fi +## allows GitHub Actions CI/CD easier handling of latest and default +if [ "$ITYPE" = "latest" ] || [ "$ITYPE" = "default" ]; then + STABLE_REV="latest" + ONEDIR_REV="latest" + _ONEDIR_REV="latest" + ITYPE="onedir" + if [ "$#" -gt 0 ];then + shift + fi + echodebug "using ITYPE onedir for input 'latest' or 'default', cmd args left ,$#," + # If doing a git install, check what branch/tag/sha will be checked out -if [ "$ITYPE" = "git" ]; then +elif [ "$ITYPE" = "git" ]; then if [ "$#" -eq 0 ];then GIT_REV="master" else @@ -614,19 +651,24 @@ if [ "$ITYPE" = "git" ]; then elif [ "$ITYPE" = "stable" ]; then if [ "$#" -eq 0 ];then STABLE_REV="latest" + ONEDIR_REV="latest" + _ONEDIR_REV="latest" + ITYPE="onedir" else - if [ "$(echo "$1" | grep -E '^(latest|1\.6|1\.7|2014\.1|2014\.7|2015\.5|2015\.8|2016\.3|2016\.11|2017\.7|2018\.3|2019\.2|3000|3001|3002|3003|3004|3005)$')" != "" ]; then + if [ "$(echo "$1" | grep -E '^(latest|3006|3007)$')" != "" ]; then STABLE_REV="$1" + ONEDIR_REV="$1" + _ONEDIR_REV="$1" + ITYPE="onedir" shift - elif [ "$(echo "$1" | grep -E '^(2[0-9]*\.[0-9]*\.[0-9]*|[3-9][0-9]{3}(\.[0-9]*)?)$')" != "" ]; then - # Handle the 3xxx.0 version as 3xxx archive (pin to minor) and strip the fake ".0" suffix - STABLE_REV=$(echo "$1" | sed -E 's/^([3-9][0-9]{3})\.0$/\1/') - if [ "$(uname)" != "Darwin" ]; then - STABLE_REV="archive/$STABLE_REV" - fi + elif [ "$(echo "$1" | grep -E '^([3-9][0-5]{2}[6-9](\.[0-9]*)?)')" != "" ]; then + STABLE_REV="$1" + ONEDIR_REV="$1" + _ONEDIR_REV="$1" + ITYPE="onedir" shift else - echo "Unknown stable version: $1 (valid: 1.6, 1.7, 2014.1, 2014.7, 2015.5, 2015.8, 2016.3, 2016.11, 2017.7, 2018.3, 2019.2, 3000, 3001, 3002, 3003, 3004, 3005, latest, \$MAJOR.\$MINOR.\$PATCH until 2019.2, \$MAJOR or \$MAJOR.\$PATCH starting from 3000)" + echo "Unknown stable version: $1 (valid: 3006, 3007, latest), versions older than 3006 are not available" exit 1 fi fi @@ -634,44 +676,79 @@ elif [ "$ITYPE" = "stable" ]; then elif [ "$ITYPE" = "onedir" ]; then if [ "$#" -eq 0 ];then ONEDIR_REV="latest" + STABLE_REV="latest" else - if [ "$(echo "$1" | grep -E '^(latest)$')" != "" ]; then + if [ "$(echo "$1" | grep -E '^(latest|3006|3007)$')" != "" ]; then ONEDIR_REV="$1" + STABLE_REV="$1" shift - elif [ "$(echo "$1" | grep -E '^([3-9][0-9]{3}(\.[0-9]*)?)$')" != "" ]; then - # Handle the 3xxx.0 version as 3xxx archive (pin to minor) and strip the fake ".0" suffix - ONEDIR_REV=$(echo "$1" | sed -E 's/^([3-9][0-9]{3})\.0$/\1/') - ONEDIR_REV="minor/$ONEDIR_REV" + elif [ "$(echo "$1" | grep -E '^([3-9][0-9]{3}(\.[0-9]*)?)')" != "" ]; then + ONEDIR_REV="$1" + STABLE_REV="$1" shift else - echo "Unknown stable version: $1 (valid: 3005, latest.)" + echo "Unknown onedir version: $1 (valid: 3006, 3007, latest), versions older than 3006 are not available" exit 1 fi fi elif [ "$ITYPE" = "onedir_rc" ]; then - # Change the _ONEDIR_DIR to be the location for the RC packages - _ONEDIR_DIR="salt_rc/salt" + echoerror "RC Releases are not supported at this time" + +## # Change the _ONEDIR_DIR to be the location for the RC packages +## _ONEDIR_DIR="salt_rc/salt" +## +## # Change ITYPE to onedir so we use the regular onedir functions +## ITYPE="onedir" +## +## if [ "$#" -eq 0 ];then +## ONEDIR_REV="latest" +## else +## if [ "$(echo "$1" | grep -E '^(latest)$')" != "" ]; then +## ONEDIR_REV="$1" +## shift +## elif [ "$(echo "$1" | grep -E '^([3-9][0-9]{3}?rc[0-9]-[0-9]$)')" != "" ]; then +## # Handle the 3xxx.0 version as 3xxx archive (pin to minor) and strip the fake ".0" suffix +## #ONEDIR_REV=$(echo "$1" | sed -E 's/^([3-9][0-9]{3})\.0$/\1/') +## ## ONEDIR_REV="minor/$1" don't have minor directory anymore +## ONEDIR_REV="$1" +## shift +## elif [ "$(echo "$1" | grep -E '^([3-9][0-9]{3}\.[0-9]?rc[0-9]$)')" != "" ]; then +## # Handle the 3xxx.0 version as 3xxx archive (pin to minor) and strip the fake ".0" suffix +## #ONEDIR_REV=$(echo "$1" | sed -E 's/^([3-9][0-9]{3})\.0$/\1/') +## ## ONEDIR_REV="minor/$1" don't have minor directory anymore +## ONEDIR_REV="$1" +## shift +## else +## echo "Unknown onedir_rc version: $1 (valid: 3006-8, 3007-1, latest)" +## exit 1 +## fi +## fi +fi - # Change ITYPE to onedir so we use the regular onedir functions - ITYPE="onedir" +# Doing a quick start, so install master +# set master address to 127.0.0.1 +if [ "$_QUICK_START" -eq "$BS_TRUE" ]; then + # make install type is stable + ITYPE="stable" - if [ "$#" -eq 0 ];then - ONEDIR_REV="latest" - else - if [ "$(echo "$1" | grep -E '^(latest)$')" != "" ]; then - ONEDIR_REV="$1" - shift - elif [ "$(echo "$1" | grep -E '^([3-9][0-9]{3}?rc[0-9]-[0-9]$)')" != "" ]; then - # Handle the 3xxx.0 version as 3xxx archive (pin to minor) and strip the fake ".0" suffix - #ONEDIR_REV=$(echo "$1" | sed -E 's/^([3-9][0-9]{3})\.0$/\1/') - ONEDIR_REV="minor/$1" - shift - else - echo "Unknown stable version: $1 (valid: 3005, latest.)" - exit 1 - fi - fi + # make sure the revision is latest + STABLE_REV="latest" + ONEDIR_REV="latest" + + # make sure we're installing the master + _INSTALL_MASTER=$BS_TRUE + + # override incase install minion + # is set to false + _INSTALL_MINION=$BS_TRUE + + # Set master address to loopback IP + _SALT_MASTER_ADDRESS="127.0.0.1" + + # Auto accept the minion key + # when the install is done. + _AUTO_ACCEPT_MINION_KEYS=$BS_TRUE fi # Check for any unparsed arguments. Should be an error. @@ -696,7 +773,7 @@ if [ "$($whoami)" != "root" ]; then fi # Check that we're actually installing one of minion/master/syndic -if [ "$_INSTALL_MINION" -eq $BS_FALSE ] && [ "$_INSTALL_MASTER" -eq $BS_FALSE ] && [ "$_INSTALL_SYNDIC" -eq $BS_FALSE ] && [ "$_CONFIG_ONLY" -eq $BS_FALSE ]; then +if [ "$_INSTALL_MINION" -eq $BS_FALSE ] && [ "$_INSTALL_MASTER" -eq $BS_FALSE ] && [ "$_INSTALL_SYNDIC" -eq $BS_FALSE ] && [ "$_INSTALL_SALT_API" -eq $BS_FALSE ] && [ "$_CONFIG_ONLY" -eq $BS_FALSE ]; then echowarn "Nothing to install or configure" exit 1 fi @@ -729,6 +806,12 @@ if [ "$_CUSTOM_MINION_CONFIG" != "null" ]; then fi fi + +# Default to Python 3, no longer support for Python 2 +PY_PKG_VER=3 +_PY_PKG_VER="python3" +_PY_MAJOR_VERSION="3" + # Check if we're installing via a different Python executable and set major version variables if [ -n "$_PY_EXE" ]; then if [ "$(uname)" = "Darwin" ]; then @@ -737,19 +820,21 @@ if [ -n "$_PY_EXE" ]; then _PY_PKG_VER=$(echo "$_PY_EXE" | sed -E "s/\\.//g") fi - _PY_MAJOR_VERSION=$(echo "$_PY_PKG_VER" | cut -c 7) - if [ "$_PY_MAJOR_VERSION" != 3 ] && [ "$_PY_MAJOR_VERSION" != 2 ]; then - echoerror "Detected -x option, but Python major version is not 2 or 3." - echoerror "The -x option must be passed as python2, python27, or python2.7 (or use the Python '3' versions of examples)." + TEST_PY_MAJOR_VERSION=$(echo "$_PY_PKG_VER" | cut -c 7) + if [ "$TEST_PY_MAJOR_VERSION" -eq 2 ]; then + echoerror "Python 2 is no longer supported, only Python 3" + return 1 + fi + + if [ "$TEST_PY_MAJOR_VERSION" != 3 ]; then + echoerror "Detected -x option, but Python major version is not 3." + echoerror "The -x option must be passed as python3, python38, or python3.8 (use the Python '3' versions of examples)." exit 1 fi if [ "$_PY_EXE" != "python3" ]; then echoinfo "Detected -x option. Using $_PY_EXE to install Salt." fi -else - _PY_PKG_VER="" - _PY_MAJOR_VERSION="" fi # If the configuration directory or archive does not exist, error out @@ -766,7 +851,7 @@ fi # -a and -V only work from git if [ "$ITYPE" != "git" ]; then - if [ $_PIP_ALL -eq $BS_TRUE ]; then + if [ "$_PIP_ALL" -eq $BS_TRUE ]; then echoerror "Pip installing all python packages with -a is only possible when installing Salt via git" exit 1 fi @@ -776,7 +861,7 @@ if [ "$ITYPE" != "git" ]; then fi fi -# Set the _REPO_URL value based on if -R was passed or not. Defaults to repo.saltproject.io. +# Set the _REPO_URL value based on if -R was passed or not. Defaults to packages.broadcom.com/artifactory if [ "$_CUSTOM_REPO_URL" != "null" ]; then _REPO_URL="$_CUSTOM_REPO_URL" @@ -847,6 +932,7 @@ fi # DESCRIPTION: Retrieves a URL and writes it to a given path #---------------------------------------------------------------------------------------------------------------------- __fetch_url() { + # shellcheck disable=SC2086 curl $_CURL_ARGS -L -s -f -o "$1" "$2" >/dev/null 2>&1 || wget $_WGET_ARGS -q -O "$1" "$2" >/dev/null 2>&1 || @@ -861,6 +947,7 @@ __fetch_url() { # DESCRIPTION: Retrieves a URL, verifies its content and writes it to standard output #---------------------------------------------------------------------------------------------------------------------- __fetch_verify() { + fetch_verify_url="$1" fetch_verify_sum="$2" fetch_verify_size="$3" @@ -877,6 +964,19 @@ __fetch_verify() { return 1 } +#--- FUNCTION ------------------------------------------------------------------------------------------------------- +# NAME: __check_url_exists +# DESCRIPTION: Checks if a URL exists +#---------------------------------------------------------------------------------------------------------------------- +__check_url_exists() { + + _URL="$1" + if curl --output /dev/null --silent --fail "${_URL}"; then + return 0 + else + return 1 + fi +} #--- FUNCTION ------------------------------------------------------------------------------------------------------- # NAME: __gather_hardware_info # DESCRIPTION: Discover hardware information @@ -946,17 +1046,12 @@ __derive_debian_numeric_version() { INPUT_VERSION="$(cat /etc/debian_version)" fi if [ -z "$NUMERIC_VERSION" ]; then - if [ "$INPUT_VERSION" = "wheezy/sid" ]; then - # I've found an EC2 wheezy image which did not tell its version - NUMERIC_VERSION=$(__parse_version_string "7.0") - elif [ "$INPUT_VERSION" = "jessie/sid" ]; then - NUMERIC_VERSION=$(__parse_version_string "8.0") - elif [ "$INPUT_VERSION" = "stretch/sid" ]; then - NUMERIC_VERSION=$(__parse_version_string "9.0") - elif [ "$INPUT_VERSION" = "buster/sid" ]; then - NUMERIC_VERSION=$(__parse_version_string "10.0") - elif [ "$INPUT_VERSION" = "bullseye/sid" ]; then + if [ "$INPUT_VERSION" = "bullseye/sid" ]; then NUMERIC_VERSION=$(__parse_version_string "11.0") + elif [ "$INPUT_VERSION" = "bookworm/sid" ]; then + NUMERIC_VERSION=$(__parse_version_string "12.0") + elif [ "$INPUT_VERSION" = "trixie/sid" ]; then + NUMERIC_VERSION=$(__parse_version_string "13.0") else echowarn "Unable to parse the Debian Version (codename: '$INPUT_VERSION')" fi @@ -1040,6 +1135,7 @@ __gather_linux_system_info() { DISTRO_VERSION="" # Let's test if the lsb_release binary is available + # shellcheck disable=SC2327,SC2328 rv=$(lsb_release >/dev/null 2>&1) # shellcheck disable=SC2181 @@ -1097,7 +1193,7 @@ __gather_linux_system_info() { # We already have the distribution name and version return fi - # shellcheck disable=SC2035,SC2086 + # shellcheck disable=SC2035,SC2086,SC2269 for rsource in $(__sort_release_files "$( cd /etc && /bin/ls *[_-]release *[_-]version 2>/dev/null | env -i sort | \ sed -e '/^redhat-release$/d' -e '/^lsb-release$/d'; \ @@ -1199,127 +1295,6 @@ __gather_linux_system_info() { } -#--- FUNCTION ------------------------------------------------------------------------------------------------------- -# NAME: __install_python() -# DESCRIPTION: Install a different version of python on a host. Currently this has only been tested on CentOS 6 and -# is considered experimental. -#---------------------------------------------------------------------------------------------------------------------- -__install_python() { - if [ "$_PY_EXE" = "" ]; then - echoerror "Must specify -x with -y to install a specific python version" - exit 1 - fi - - __PACKAGES="$_PY_PKG_VER" - - if [ ${_DISABLE_REPOS} -eq ${BS_FALSE} ]; then - echoinfo "Attempting to install a repo to help provide a separate python package" - echoinfo "$DISTRO_NAME_L" - case "$DISTRO_NAME_L" in - "red_hat"|"centos") - __PYTHON_REPO_URL="https://repo.ius.io/ius-release-el${DISTRO_MAJOR_VERSION}.rpm" - ;; - *) - echoerror "Installing a repo to provide a python package is only supported on Redhat/CentOS. - If a repo is already available, please try running script with -r." - exit 1 - ;; - esac - - echoinfo "Installing IUS repo" - __yum_install_noinput "${__PYTHON_REPO_URL}" || return 1 - fi - - echoinfo "Installing ${__PACKAGES}" - __yum_install_noinput "${__PACKAGES}" || return 1 -} - - -#--- FUNCTION ------------------------------------------------------------------------------------------------------- -# NAME: __gather_sunos_system_info -# DESCRIPTION: Discover SunOS system info -#---------------------------------------------------------------------------------------------------------------------- -__gather_sunos_system_info() { - if [ -f /sbin/uname ]; then - DISTRO_VERSION=$(/sbin/uname -X | awk '/[kK][eE][rR][nN][eE][lL][iI][dD]/ { print $3 }') - fi - - DISTRO_NAME="" - if [ -f /etc/release ]; then - while read -r line; do - [ "${DISTRO_NAME}" != "" ] && break - case "$line" in - *OpenIndiana*oi_[0-9]*) - DISTRO_NAME="OpenIndiana" - DISTRO_VERSION=$(echo "$line" | sed -nE "s/OpenIndiana(.*)oi_([[:digit:]]+)(.*)/\\2/p") - break - ;; - *OpenSolaris*snv_[0-9]*) - DISTRO_NAME="OpenSolaris" - DISTRO_VERSION=$(echo "$line" | sed -nE "s/OpenSolaris(.*)snv_([[:digit:]]+)(.*)/\\2/p") - break - ;; - *Oracle*Solaris*[0-9]*) - DISTRO_NAME="Oracle Solaris" - DISTRO_VERSION=$(echo "$line" | sed -nE "s/(Oracle Solaris) ([[:digit:]]+)(.*)/\\2/p") - break - ;; - *Solaris*) - DISTRO_NAME="Solaris" - # Let's make sure we not actually on a Joyent's SmartOS VM since some releases - # don't have SmartOS in `/etc/release`, only `Solaris` - if uname -v | grep joyent >/dev/null 2>&1; then - DISTRO_NAME="SmartOS" - fi - break - ;; - *NexentaCore*) - DISTRO_NAME="Nexenta Core" - break - ;; - *SmartOS*) - DISTRO_NAME="SmartOS" - break - ;; - *OmniOS*) - DISTRO_NAME="OmniOS" - DISTRO_VERSION=$(echo "$line" | awk '{print $3}') - _SIMPLIFY_VERSION=$BS_FALSE - break - ;; - esac - done < /etc/release - fi - - if [ "${DISTRO_NAME}" = "" ]; then - DISTRO_NAME="Solaris" - DISTRO_VERSION=$( - echo "${OS_VERSION}" | - sed -e 's;^4\.;1.;' \ - -e 's;^5\.\([0-6]\)[^0-9]*$;2.\1;' \ - -e 's;^5\.\([0-9][0-9]*\).*;\1;' - ) - fi - - if [ "${DISTRO_NAME}" = "SmartOS" ]; then - VIRTUAL_TYPE="smartmachine" - if [ "$(zonename)" = "global" ]; then - VIRTUAL_TYPE="global" - fi - fi -} - - -#--- FUNCTION ------------------------------------------------------------------------------------------------------- -# NAME: __gather_bsd_system_info -# DESCRIPTION: Discover OpenBSD, NetBSD and FreeBSD systems information -#---------------------------------------------------------------------------------------------------------------------- -__gather_bsd_system_info() { - DISTRO_NAME=${OS_NAME} - DISTRO_VERSION=$(echo "${OS_VERSION}" | sed -e 's;[()];;' -e 's/-.*$//') -} - - #--- FUNCTION ------------------------------------------------------------------------------------------------------- # NAME: __gather_osx_system_info # DESCRIPTION: Discover MacOS X @@ -1339,12 +1314,6 @@ __gather_system_info() { linux ) __gather_linux_system_info ;; - sunos ) - __gather_sunos_system_info - ;; - openbsd|freebsd|netbsd ) - __gather_bsd_system_info - ;; darwin ) __gather_osx_system_info ;; @@ -1365,19 +1334,23 @@ __gather_system_info() { #---------------------------------------------------------------------------------------------------------------------- # shellcheck disable=SC2034 __ubuntu_derivatives_translation() { - UBUNTU_DERIVATIVES="(trisquel|linuxmint|linaro|elementary_os|neon)" + UBUNTU_DERIVATIVES="(trisquel|linuxmint|elementary_os|pop|neon)" # Mappings - trisquel_6_ubuntu_base="12.04" - linuxmint_13_ubuntu_base="12.04" - linuxmint_17_ubuntu_base="14.04" - linuxmint_18_ubuntu_base="16.04" - linuxmint_19_ubuntu_base="18.04" - linuxmint_20_ubuntu_base="20.04" - linaro_12_ubuntu_base="12.04" - elementary_os_02_ubuntu_base="12.04" - neon_16_ubuntu_base="16.04" - neon_18_ubuntu_base="18.04" + trisquel_10_ubuntu_base="20.04" + trisquel_11_ubuntu_base="22.04" + trisquel_12_ubuntu_base="24.04" neon_20_ubuntu_base="20.04" + neon_22_ubuntu_base="22.04" + neon_24_ubuntu_base="24.04" + linuxmint_20_ubuntu_base="20.04" + linuxmint_21_ubuntu_base="22.04" + linuxmint_22_ubuntu_base="24.04" + elementary_os_06_ubuntu_base="20.04" + elementary_os_07_ubuntu_base="22.04" + elementary_os_08_ubuntu_base="24.04" + pop_20_ubuntu_base="22.04" + pop_22_ubuntu_base="22.04" + pop_24_ubuntu_base="24.04" # Translate Ubuntu derivatives to their base Ubuntu version match=$(echo "$DISTRO_NAME_L" | grep -E ${UBUNTU_DERIVATIVES}) @@ -1420,38 +1393,24 @@ __check_dpkg_architecture() { return 1 fi - __REPO_ARCH="$DPKG_ARCHITECTURE" - __REPO_ARCH_DEB='deb [signed-by=/usr/share/keyrings/salt-archive-keyring.gpg]' __return_code=0 case $DPKG_ARCHITECTURE in "i386") - error_msg="$_REPO_URL likely doesn't have all required 32-bit packages for $DISTRO_NAME $DISTRO_MAJOR_VERSION." + error_msg="$_REPO_URL likely doesn't have required 32-bit packages for $DISTRO_NAME $DISTRO_MAJOR_VERSION." # amd64 is just a part of repository URI, 32-bit pkgs are hosted under the same location - __REPO_ARCH="amd64" + __return_code=1 ;; "amd64") error_msg="" ;; "arm64") - if [ "$_CUSTOM_REPO_URL" != "null" ]; then - warn_msg="Support for arm64 is experimental, make sure the custom repository used has the expected structure and contents." - else - # Saltstack official repository does not yet have arm64 metadata, - # use amd64 repositories on arm64, since all pkgs are arch-independent - __REPO_ARCH="amd64" - __REPO_ARCH_DEB="deb [signed-by=/usr/share/keyrings/salt-archive-keyring.gpg arch=$__REPO_ARCH]" - warn_msg="Support for arm64 packages is experimental and might rely on architecture-independent packages from the amd64 repository." - fi + # Saltstack official repository has full arm64 support since 3006 error_msg="" ;; "armhf") - if [ "$DISTRO_NAME_L" = "ubuntu" ] || [ "$DISTRO_MAJOR_VERSION" -lt 8 ]; then - error_msg="Support for armhf packages at $_REPO_URL is limited to Debian/Raspbian 8 platforms." - __return_code=1 - else - error_msg="" - fi + error_msg="$_REPO_URL doesn't have packages for your system architecture: $DPKG_ARCHITECTURE." + __return_code=1 ;; *) error_msg="$_REPO_URL doesn't have packages for your system architecture: $DPKG_ARCHITECTURE." @@ -1467,10 +1426,10 @@ __check_dpkg_architecture() { if [ "${error_msg}" != "" ]; then echoerror "${error_msg}" if [ "$ITYPE" != "git" ]; then - echoerror "You can try git installation mode, i.e.: sh ${__ScriptName} git v2017.7.2." + echoerror "You can try git installation mode, i.e.: sh ${__ScriptName} git v3006.6." echoerror "It may be necessary to use git installation mode with pip and disable the SaltStack apt repository." echoerror "For example:" - echoerror " sh ${__ScriptName} -r -P git v2017.7.2" + echoerror " sh ${__ScriptName} -r -P git v3006.6" fi fi @@ -1522,8 +1481,14 @@ __ubuntu_codename_translation() { "22") DISTRO_CODENAME="jammy" ;; + "23") + DISTRO_CODENAME="lunar" + ;; + "24") + DISTRO_CODENAME="noble" + ;; *) - DISTRO_CODENAME="trusty" + DISTRO_CODENAME="noble" ;; esac } @@ -1542,20 +1507,21 @@ __debian_derivatives_translation() { DEBIAN_DERIVATIVES="(cumulus|devuan|kali|linuxmint|raspbian|bunsenlabs|turnkey)" # Mappings - cumulus_2_debian_base="7.0" - cumulus_3_debian_base="8.0" - cumulus_4_debian_base="10.0" - devuan_1_debian_base="8.0" - devuan_2_debian_base="9.0" + cumulus_5_debian_base="11.0" + cumulus_6_debian_base="12.0" + devuan_4_debian_base="11.0" + devuan_5_debian_base="12.0" kali_1_debian_base="7.0" kali_2021_debian_base="10.0" - linuxmint_1_debian_base="8.0" - raspbian_8_debian_base="8.0" - raspbian_9_debian_base="9.0" - raspbian_10_debian_base="10.0" + linuxmint_4_debian_base="11.0" + linuxmint_5_debian_base="12.0" raspbian_11_debian_base="11.0" + raspbian_12_debian_base="12.0" bunsenlabs_9_debian_base="9.0" - turnkey_9_debian_base="9.0" + bunsenlabs_11_debian_base="11.0" + bunsenlabs_12_debian_base="12.0" + turnkey_11_debian_base="11.0" + turnkey_12_debian_base="12.0" # Translate Debian derivatives to their base Debian version match=$(echo "$DISTRO_NAME_L" | grep -E ${DEBIAN_DERIVATIVES}) @@ -1621,8 +1587,11 @@ __debian_codename_translation() { "11") DISTRO_CODENAME="bullseye" ;; + "12") + DISTRO_CODENAME="bookworm" + ;; *) - DISTRO_CODENAME="stretch" + DISTRO_CODENAME="bookworm" ;; esac } @@ -1635,8 +1604,8 @@ __debian_codename_translation() { __check_end_of_life_versions() { case "${DISTRO_NAME_L}" in debian) - # Debian versions below 9 are not supported - if [ "$DISTRO_MAJOR_VERSION" -lt 9 ]; then + # Debian versions below 11 are not supported + if [ "$DISTRO_MAJOR_VERSION" -lt 11 ]; then echoerror "End of life distributions are not supported." echoerror "Please consider upgrading to the next stable. See:" echoerror " https://wiki.debian.org/DebianReleases" @@ -1647,18 +1616,18 @@ __check_end_of_life_versions() { ubuntu) # Ubuntu versions not supported # - # < 16.04 - # = 16.10 - # = 17.04, 17.10 - # = 18.10 - # = 19.04, 19.10 + # < 20.04 # = 20.10 - if [ "$DISTRO_MAJOR_VERSION" -lt 16 ] || \ - [ "$DISTRO_MAJOR_VERSION" -eq 17 ] || \ - [ "$DISTRO_MAJOR_VERSION" -eq 19 ] || \ - { [ "$DISTRO_MAJOR_VERSION" -eq 16 ] && [ "$DISTRO_MINOR_VERSION" -eq 10 ]; } || \ - { [ "$DISTRO_MAJOR_VERSION" -eq 18 ] && [ "$DISTRO_MINOR_VERSION" -eq 10 ]; } || \ - { [ "$DISTRO_MAJOR_VERSION" -eq 20 ] && [ "$DISTRO_MINOR_VERSION" -eq 10 ]; }; then + # = 21.04, 21.10 + # = 22.10 + # = 23.04, 23.10 + if [ "$DISTRO_MAJOR_VERSION" -lt 20 ] || \ + { [ "$DISTRO_MAJOR_VERSION" -eq 20 ] && [ "$DISTRO_MINOR_VERSION" -eq 10 ]; } || \ + { [ "$DISTRO_MAJOR_VERSION" -eq 21 ] && [ "$DISTRO_MINOR_VERSION" -eq 04 ]; } || \ + { [ "$DISTRO_MAJOR_VERSION" -eq 21 ] && [ "$DISTRO_MINOR_VERSION" -eq 10 ]; } || \ + { [ "$DISTRO_MAJOR_VERSION" -eq 22 ] && [ "$DISTRO_MINOR_VERSION" -eq 10 ]; } || \ + { [ "$DISTRO_MAJOR_VERSION" -eq 23 ] && [ "$DISTRO_MINOR_VERSION" -eq 04 ]; } || \ + { [ "$DISTRO_MAJOR_VERSION" -eq 23 ] && [ "$DISTRO_MINOR_VERSION" -eq 10 ]; }; then echoerror "End of life distributions are not supported." echoerror "Please consider upgrading to the next stable. See:" echoerror " https://wiki.ubuntu.com/Releases" @@ -1702,8 +1671,8 @@ __check_end_of_life_versions() { ;; fedora) - # Fedora lower than 33 are no longer supported - if [ "$DISTRO_MAJOR_VERSION" -lt 33 ]; then + # Fedora lower than 38 are no longer supported + if [ "$DISTRO_MAJOR_VERSION" -lt 39 ]; then echoerror "End of life distributions are not supported." echoerror "Please consider upgrading to the next stable. See:" echoerror " https://fedoraproject.org/wiki/Releases" @@ -1712,8 +1681,8 @@ __check_end_of_life_versions() { ;; centos) - # CentOS versions lower than 7 are no longer supported - if [ "$DISTRO_MAJOR_VERSION" -lt 7 ]; then + # CentOS versions lower than 8 are no longer supported + if [ "$DISTRO_MAJOR_VERSION" -lt 8 ]; then echoerror "End of life distributions are not supported." echoerror "Please consider upgrading to the next stable. See:" echoerror " http://wiki.centos.org/Download" @@ -1722,8 +1691,8 @@ __check_end_of_life_versions() { ;; red_hat*linux) - # Red Hat (Enterprise) Linux versions lower than 7 are no longer supported - if [ "$DISTRO_MAJOR_VERSION" -lt 7 ]; then + # Red Hat (Enterprise) Linux versions lower than 8 are no longer supported + if [ "$DISTRO_MAJOR_VERSION" -lt 8 ]; then echoerror "End of life distributions are not supported." echoerror "Please consider upgrading to the next stable. See:" echoerror " https://access.redhat.com/support/policy/updates/errata/" @@ -1732,8 +1701,8 @@ __check_end_of_life_versions() { ;; oracle*linux) - # Oracle Linux versions lower than 7 are no longer supported - if [ "$DISTRO_MAJOR_VERSION" -lt 7 ]; then + # Oracle Linux versions lower than 8 are no longer supported + if [ "$DISTRO_MAJOR_VERSION" -lt 8 ]; then echoerror "End of life distributions are not supported." echoerror "Please consider upgrading to the next stable. See:" echoerror " http://www.oracle.com/us/support/library/elsp-lifetime-069338.pdf" @@ -1742,8 +1711,8 @@ __check_end_of_life_versions() { ;; scientific*linux) - # Scientific Linux versions lower than 7 are no longer supported - if [ "$DISTRO_MAJOR_VERSION" -lt 7 ]; then + # Scientific Linux versions lower than 8 are no longer supported + if [ "$DISTRO_MAJOR_VERSION" -lt 8 ]; then echoerror "End of life distributions are not supported." echoerror "Please consider upgrading to the next stable. See:" echoerror " https://www.scientificlinux.org/downloads/sl-versions/" @@ -1752,8 +1721,8 @@ __check_end_of_life_versions() { ;; cloud*linux) - # Cloud Linux versions lower than 7 are no longer supported - if [ "$DISTRO_MAJOR_VERSION" -lt 7 ]; then + # Cloud Linux versions lower than 8 are no longer supported + if [ "$DISTRO_MAJOR_VERSION" -lt 8 ]; then echoerror "End of life distributions are not supported." echoerror "Please consider upgrading to the next stable. See:" echoerror " https://docs.cloudlinux.com/index.html?cloudlinux_life-cycle.html" @@ -1772,20 +1741,11 @@ __check_end_of_life_versions() { fi ;; - freebsd) - # FreeBSD versions lower than 11 are EOL - if [ "$DISTRO_MAJOR_VERSION" -lt 11 ]; then - echoerror "Versions lower than FreeBSD 11 are EOL and no longer supported." - exit 1 - fi - ;; - *) ;; esac } - __gather_system_info echo @@ -1860,8 +1820,16 @@ if [ "$_INSTALL_SYNDIC" -eq $BS_TRUE ]; then fi fi +if [ "$_INSTALL_SALT_API" -eq $BS_TRUE ]; then + if [ "$_CONFIG_ONLY" -eq $BS_FALSE ]; then + echoinfo "Installing salt api" + else + echoinfo "Configuring salt api" + fi +fi + if [ "$_INSTALL_CLOUD" -eq $BS_TRUE ] && [ "$_CONFIG_ONLY" -eq $BS_FALSE ]; then - echoinfo "Installing salt-cloud and required python-libcloud package" + echoinfo "Installing salt-cloud and required python3-libcloud package" fi if [ $_START_DAEMONS -eq $BS_FALSE ]; then @@ -1905,20 +1873,14 @@ fi if [ "$ITYPE" = "git" ]; then if [ "${GIT_REV}" = "master" ]; then - _POST_NEON_INSTALL=$BS_TRUE __TAG_REGEX_MATCH="MATCH" else case ${OS_NAME_L} in - openbsd|freebsd|netbsd|darwin ) + darwin ) __NEW_VS_TAG_REGEX_MATCH=$(echo "${GIT_REV}" | sed -E 's/^(v?3[0-9]{3}(\.[0-9]{1,2})?).*$/MATCH/') if [ "$__NEW_VS_TAG_REGEX_MATCH" = "MATCH" ]; then - _POST_NEON_INSTALL=$BS_TRUE __TAG_REGEX_MATCH="${__NEW_VS_TAG_REGEX_MATCH}" - if [ "$(echo "${GIT_REV}" | cut -c -1)" != "v" ]; then - # We do this to properly clone tags - GIT_REV="v${GIT_REV}" - fi - echodebug "Post Neon Tag Regex Match On: ${GIT_REV}" + echodebug "Tag Regex Match On: ${GIT_REV}" else __TAG_REGEX_MATCH=$(echo "${GIT_REV}" | sed -E 's/^(v?[0-9]{1,4}\.[0-9]{1,2})(\.[0-9]{1,2})?.*$/MATCH/') echodebug "Pre Neon Tag Regex Match On: ${GIT_REV}" @@ -1927,13 +1889,8 @@ if [ "$ITYPE" = "git" ]; then * ) __NEW_VS_TAG_REGEX_MATCH=$(echo "${GIT_REV}" | sed 's/^.*\(v\?3[[:digit:]]\{3\}\(\.[[:digit:]]\{1,2\}\)\?\).*$/MATCH/') if [ "$__NEW_VS_TAG_REGEX_MATCH" = "MATCH" ]; then - _POST_NEON_INSTALL=$BS_TRUE __TAG_REGEX_MATCH="${__NEW_VS_TAG_REGEX_MATCH}" - if [ "$(echo "${GIT_REV}" | cut -c -1)" != "v" ]; then - # We do this to properly clone tags - GIT_REV="v${GIT_REV}" - fi - echodebug "Post Neon Tag Regex Match On: ${GIT_REV}" + echodebug "Tag Regex Match On: ${GIT_REV}" else __TAG_REGEX_MATCH=$(echo "${GIT_REV}" | sed 's/^.*\(v\?[[:digit:]]\{1,4\}\.[[:digit:]]\{1,2\}\)\(\.[[:digit:]]\{1,2\}\)\?.*$/MATCH/') echodebug "Pre Neon Tag Regex Match On: ${GIT_REV}" @@ -1942,18 +1899,16 @@ if [ "$ITYPE" = "git" ]; then esac fi - if [ "$_POST_NEON_INSTALL" -eq $BS_TRUE ]; then - echo - echowarn "Post Neon git based installations will always install salt" - echowarn "and its dependencies using pip which will be upgraded to" - echowarn "at least v${_MINIMUM_PIP_VERSION}, and, in case the setuptools version is also" - echowarn "too old, it will be upgraded to at least v${_MINIMUM_SETUPTOOLS_VERSION}" - echo - echowarn "You have 10 seconds to cancel and stop the bootstrap process..." - echo - sleep 10 - _PIP_ALLOWED=$BS_TRUE - fi + echo + echowarn "git based installations will always install salt" + echowarn "and its dependencies using pip which will be upgraded to" + echowarn "at least v${_MINIMUM_PIP_VERSION}, and, in case the setuptools version is also" + echowarn "too old, it will be upgraded to at least v${_MINIMUM_SETUPTOOLS_VERSION} and less than v${_MAXIMUM_SETUPTOOLS_VERSION}" + echo + echowarn "You have 10 seconds to cancel and stop the bootstrap process..." + echo + sleep 10 + _PIP_ALLOWED=$BS_TRUE fi @@ -1982,15 +1937,21 @@ __function_defined() { # process is finished so the script doesn't exit on a locked proc. #---------------------------------------------------------------------------------------------------------------------- __wait_for_apt(){ + # Timeout set at 15 minutes WAIT_TIMEOUT=900 + ## see if sync'ing the clocks helps + if [ -f /usr/sbin/hwclock ]; then + /usr/sbin/hwclock -s + fi + # Run our passed in apt command "${@}" 2>"$APT_ERR" APT_RETURN=$? # Make sure we're not waiting on a lock - while [ $APT_RETURN -ne 0 ] && grep -q '^E: Could not get lock' "$APT_ERR"; do + while [ "$APT_RETURN" -ne 0 ] && grep -q '^E: Could not get lock' "$APT_ERR"; do echoinfo "Aware of the lock. Patiently waiting $WAIT_TIMEOUT more seconds..." sleep 1 WAIT_TIMEOUT=$((WAIT_TIMEOUT - 1)) @@ -2014,6 +1975,7 @@ __wait_for_apt(){ # PARAMETERS: packages #---------------------------------------------------------------------------------------------------------------------- __apt_get_install_noinput() { + __wait_for_apt apt-get install -y -o DPkg::Options::=--force-confold "${@}"; return $? } # ---------- end of function __apt_get_install_noinput ---------- @@ -2023,6 +1985,7 @@ __apt_get_install_noinput() { # DESCRIPTION: (DRY) apt-get upgrade with noinput options #---------------------------------------------------------------------------------------------------------------------- __apt_get_upgrade_noinput() { + __wait_for_apt apt-get upgrade -y -o DPkg::Options::=--force-confold; return $? } # ---------- end of function __apt_get_upgrade_noinput ---------- @@ -2053,12 +2016,13 @@ __temp_gpg_pub() { # PARAMETERS: url #---------------------------------------------------------------------------------------------------------------------- __apt_key_fetch() { + url=$1 tempfile="$(__temp_gpg_pub)" - __fetch_url "$tempfile" "$url" || return 1 - cp -f "$tempfile" /usr/share/keyrings/salt-archive-keyring.gpg && chmod 644 /usr/share/keyrings/salt-archive-keyring.gpg || return 1 + mkdir -p /etc/apt/keyrings + cp -f "$tempfile" /etc/apt/keyrings/salt-archive-keyring.pgp && chmod 644 /etc/apt/keyrings/salt-archive-keyring.pgp || return 1 rm -f "$tempfile" return 0 @@ -2071,6 +2035,7 @@ __apt_key_fetch() { # PARAMETERS: url #---------------------------------------------------------------------------------------------------------------------- __rpm_import_gpg() { + url=$1 tempfile="$(__temp_gpg_pub)" @@ -2095,20 +2060,13 @@ __rpm_import_gpg() { #---------------------------------------------------------------------------------------------------------------------- __yum_install_noinput() { - ENABLE_EPEL_CMD="" - # Skip Amazon Linux for the first round, since EPEL is no longer required. - # See issue #724 - if [ $_DISABLE_REPOS -eq $BS_FALSE ] && [ "$DISTRO_NAME_L" != "amazon_linux_ami" ]; then - ENABLE_EPEL_CMD="--enablerepo=${_EPEL_REPO}" - fi - if [ "$DISTRO_NAME_L" = "oracle_linux" ]; then # We need to install one package at a time because --enablerepo=X disables ALL OTHER REPOS!!!! for package in "${@}"; do - yum -y install "${package}" || yum -y install "${package}" ${ENABLE_EPEL_CMD} || return $? + yum -y install "${package}" || yum -y install "${package}" || return $? done else - yum -y install "${@}" ${ENABLE_EPEL_CMD} || return $? + yum -y install "${@}" || return $? fi } # ---------- end of function __yum_install_noinput ---------- @@ -2121,11 +2079,21 @@ __dnf_install_noinput() { dnf -y install "${@}" || return $? } # ---------- end of function __dnf_install_noinput ---------- +#--- FUNCTION ------------------------------------------------------------------------------------------------------- +# NAME: __tdnf_install_noinput +# DESCRIPTION: (DRY) tdnf install with noinput options +#---------------------------------------------------------------------------------------------------------------------- +__tdnf_install_noinput() { + + tdnf -y install "${@}" || return $? +} # ---------- end of function __tdnf_install_noinput ---------- + #--- FUNCTION ------------------------------------------------------------------------------------------------------- # NAME: __git_clone_and_checkout # DESCRIPTION: (DRY) Helper function to clone and checkout salt to a # specific revision. #---------------------------------------------------------------------------------------------------------------------- +# shellcheck disable=SC2120 __git_clone_and_checkout() { echodebug "Installed git version: $(git --version | awk '{ print $3 }')" @@ -2134,6 +2102,12 @@ __git_clone_and_checkout() { export GIT_SSL_NO_VERIFY=1 fi + if [ "$(echo "$GIT_REV" | grep -E '^(3006|3007)$')" != "" ]; then + GIT_REV_ADJ="$GIT_REV.x" # branches are 3006.x or 3007.x + else + GIT_REV_ADJ="$GIT_REV" + fi + __SALT_GIT_CHECKOUT_PARENT_DIR=$(dirname "${_SALT_GIT_CHECKOUT_DIR}" 2>/dev/null) __SALT_GIT_CHECKOUT_PARENT_DIR="${__SALT_GIT_CHECKOUT_PARENT_DIR:-/tmp/git}" __SALT_CHECKOUT_REPONAME="$(basename "${_SALT_GIT_CHECKOUT_DIR}" 2>/dev/null)" @@ -2162,15 +2136,15 @@ __git_clone_and_checkout() { git fetch --tags upstream fi - echodebug "Hard reseting the cloned repository to ${GIT_REV}" - git reset --hard "$GIT_REV" || return 1 + echodebug "Hard reseting the cloned repository to ${GIT_REV_ADJ}" + git reset --hard "$GIT_REV_ADJ" || return 1 - # Just calling `git reset --hard $GIT_REV` on a branch name that has + # Just calling `git reset --hard $GIT_REV_ADJ` on a branch name that has # already been checked out will not update that branch to the upstream # HEAD; instead it will simply reset to itself. Check the ref to see # if it is a branch name, check out the branch, and pull in the # changes. - if git branch -a | grep -q "${GIT_REV}"; then + if git branch -a | grep -q "${GIT_REV_ADJ}"; then echodebug "Rebasing the cloned repository branch" git pull --rebase || return 1 fi @@ -2192,11 +2166,16 @@ __git_clone_and_checkout() { # cloning we need actually works if [ "$(git clone 2>&1 | grep 'single-branch')" != "" ]; then # The "--single-branch" option is supported, attempt shallow cloning - echoinfo "Attempting to shallow clone $GIT_REV from Salt's repository ${_SALT_REPO_URL}" - if git clone --depth 1 --branch "$GIT_REV" "$_SALT_REPO_URL" "$__SALT_CHECKOUT_REPONAME"; then + echoinfo "Attempting to shallow clone $GIT_REV_ADJ from Salt's repository ${_SALT_REPO_URL}" + ## Shallow cloning is resulting in the wrong version of Salt, even with a depth of 5 + ## getting 3007.0+0na.246d066 when it should be 3007.1+410.g246d066457, disabling for now + ## if git clone --depth 1 --branch "$GIT_REV_ADJ" "$_SALT_REPO_URL" "$__SALT_CHECKOUT_REPONAME"; then + echodebug "git command, git clone --branch $GIT_REV_ADJ $_SALT_REPO_URL $__SALT_CHECKOUT_REPONAME" + if git clone --branch "$GIT_REV_ADJ" "$_SALT_REPO_URL" "$__SALT_CHECKOUT_REPONAME"; then # shellcheck disable=SC2164 cd "${_SALT_GIT_CHECKOUT_DIR}" __SHALLOW_CLONE=$BS_TRUE + echoinfo "shallow path (disabled shallow) git cloned $GIT_REV_ADJ, version $(python3 salt/version.py)" else # Shallow clone above failed(missing upstream tags???), let's resume the old behaviour. echowarn "Failed to shallow clone." @@ -2210,10 +2189,13 @@ __git_clone_and_checkout() { fi if [ "$__SHALLOW_CLONE" -eq $BS_FALSE ]; then + echodebug "shallow clone false, BS_FALSE $BS_FALSE, git clone $_SALT_REPO_URL $__SALT_CHECKOUT_REPONAME" git clone "$_SALT_REPO_URL" "$__SALT_CHECKOUT_REPONAME" || return 1 # shellcheck disable=SC2164 cd "${_SALT_GIT_CHECKOUT_DIR}" + echoinfo "git cloned $GIT_REV_ADJ, version $(python3 salt/version.py)" + if ! echo "$_SALT_REPO_URL" | grep -q -F -w "${_SALTSTACK_REPO_URL#*://}"; then # We need to add the saltstack repository as a remote and fetch tags for proper versioning echoinfo "Adding SaltStack's Salt repository as a remote" @@ -2222,14 +2204,14 @@ __git_clone_and_checkout() { echodebug "Fetching upstream (SaltStack's Salt repository) git tags" git fetch --tags upstream || return 1 - # Check if GIT_REV is a remote branch or just a commit hash - if git branch -r | grep -q -F -w "origin/$GIT_REV"; then - GIT_REV="origin/$GIT_REV" + # Check if GIT_REV_ADJ is a remote branch or just a commit hash + if git branch -r | grep -q -F -w "origin/$GIT_REV_ADJ"; then + GIT_REV_ADJ="origin/$GIT_REV_ADJ" fi fi - echodebug "Checking out $GIT_REV" - git checkout "$GIT_REV" || return 1 + echodebug "Checking out $GIT_REV_ADJ" + git checkout "$GIT_REV_ADJ" || return 1 fi fi @@ -2306,7 +2288,7 @@ __movefile() { exit 1 fi - if [ $_KEEP_TEMP_FILES -eq $BS_TRUE ]; then + if [ "$_KEEP_TEMP_FILES" -eq $BS_TRUE ]; then # We're being told not to move files, instead copy them so we can keep # them around echodebug "Since BS_KEEP_TEMP_FILES=1 we're copying files instead of moving them" @@ -2423,14 +2405,17 @@ __overwriteconfig() { if [ -n "$_PY_EXE" ]; then good_python="$_PY_EXE" # If python does not have yaml installed we're on Arch and should use python2 + # but no more support, hence error out elif python -c "import yaml" 2> /dev/null; then - good_python=python + good_python=python # assume python is python 3 on Arch else - good_python=python2 + ## good_python=python2 + echoerror "Python 2 is no longer supported, only Python 3" + return 1 fi # Convert json string to a yaml string and write it to config file. Output is dumped into tempfile. - "$good_python" -c "import json; import yaml; jsn=json.loads('$json'); yml=yaml.safe_dump(jsn, line_break='\\n', default_flow_style=False); config_file=open('$target', 'w'); config_file.write(yml); config_file.close();" 2>$tempfile + "$good_python" -c "import json; import yaml; jsn=json.loads('$json'); yml=yaml.safe_dump(jsn, line_break='\\n', default_flow_style=False, sort_keys=False); config_file=open('$target', 'w'); config_file.write(yml); config_file.close();" 2>"$tempfile" # No python errors output to the tempfile if [ ! -s "$tempfile" ]; then @@ -2455,6 +2440,7 @@ __overwriteconfig() { # PARAMETERS: servicename #---------------------------------------------------------------------------------------------------------------------- __check_services_systemd() { + if [ $# -eq 0 ]; then echoerror "You need to pass a service name to check!" exit 1 @@ -2462,6 +2448,23 @@ __check_services_systemd() { echoerror "You need to pass a service name to check as the single argument to the function" fi + # check if systemd is functional, having systemctl present is insufficient + + if [ "$_SYSTEMD_FUNCTIONAL" -eq $BS_FALSE ]; then + # already determined systemd is not functional, default is 1 + return 1 + fi + + _SYSTEMD_ACTIVE=$(/bin/systemctl daemon-reload 2>&1 | grep 'System has not been booted with systemd') + echodebug "__check_services_systemd _SYSTEMD_ACTIVE result ,$_SYSTEMD_ACTIVE," + if [ -n "$_SYSTEMD_ACTIVE" ]; then + _SYSTEMD_FUNCTIONAL=$BS_FALSE + echodebug "systemd is not functional, despite systemctl being present, setting _SYSTEMD_FUNCTIONAL false, $_SYSTEMD_FUNCTIONAL" + return 1 + else + echodebug "systemd is functional, _SYSTEMD_FUNCTIONAL true, $_SYSTEMD_FUNCTIONAL" + fi + servicename=$1 echodebug "Checking if service ${servicename} is enabled" @@ -2481,6 +2484,7 @@ __check_services_systemd() { # PARAMETERS: servicename #---------------------------------------------------------------------------------------------------------------------- __check_services_upstart() { + if [ $# -eq 0 ]; then echoerror "You need to pass a service name to check!" exit 1 @@ -2508,6 +2512,7 @@ __check_services_upstart() { # PARAMETERS: servicename #---------------------------------------------------------------------------------------------------------------------- __check_services_sysvinit() { + if [ $# -eq 0 ]; then echoerror "You need to pass a service name to check!" exit 1 @@ -2534,6 +2539,7 @@ __check_services_sysvinit() { # PARAMETERS: servicename #---------------------------------------------------------------------------------------------------------------------- __check_services_debian() { + if [ $# -eq 0 ]; then echoerror "You need to pass a service name to check!" exit 1 @@ -2555,38 +2561,13 @@ __check_services_debian() { } # ---------- end of function __check_services_debian ---------- -#--- FUNCTION ------------------------------------------------------------------------------------------------------- -# NAME: __check_services_openbsd -# DESCRIPTION: Return 0 or 1 in case the service is enabled or not -# PARAMETERS: servicename -#---------------------------------------------------------------------------------------------------------------------- -__check_services_openbsd() { - if [ $# -eq 0 ]; then - echoerror "You need to pass a service name to check!" - exit 1 - elif [ $# -ne 1 ]; then - echoerror "You need to pass a service name to check as the single argument to the function" - fi - - servicename=$1 - echodebug "Checking if service ${servicename} is enabled" - - # shellcheck disable=SC2086,SC2046,SC2144 - if rcctl get ${servicename} status; then - echodebug "Service ${servicename} is enabled" - return 0 - else - echodebug "Service ${servicename} is NOT enabled" - return 1 - fi -} # ---------- end of function __check_services_openbsd ---------- - #--- FUNCTION ------------------------------------------------------------------------------------------------------- # NAME: __check_services_openrc # DESCRIPTION: Return 0 or 1 in case the service is enabled or not # PARAMETERS: servicename #---------------------------------------------------------------------------------------------------------------------- __check_services_openrc() { + if [ $# -eq 0 ]; then echoerror "You need to pass a service name to check!" exit 1 @@ -2613,9 +2594,10 @@ __check_services_openrc() { # DESCRIPTION: Return 0 or 1 depending on successful creation of virtualenv #---------------------------------------------------------------------------------------------------------------------- __create_virtualenv() { + if [ ! -d "$_VIRTUALENV_DIR" ]; then echoinfo "Creating virtualenv ${_VIRTUALENV_DIR}" - if [ $_PIP_ALL -eq $BS_TRUE ]; then + if [ "$_PIP_ALL" -eq $BS_TRUE ]; then virtualenv --no-site-packages "${_VIRTUALENV_DIR}" || return 1 else virtualenv --system-site-packages "${_VIRTUALENV_DIR}" || return 1 @@ -2630,6 +2612,7 @@ __create_virtualenv() { # DESCRIPTION: Return 0 or 1 depending on successful activation of virtualenv #---------------------------------------------------------------------------------------------------------------------- __activate_virtualenv() { + set +o nounset # Is virtualenv empty if [ -z "$_VIRTUALENV_DIR" ]; then @@ -2646,17 +2629,18 @@ __activate_virtualenv() { # NAME: __install_pip_pkgs # DESCRIPTION: Return 0 or 1 if successfully able to install pip packages. Can provide a different python version to # install pip packages with. If $py_ver is not specified it will use the default python version. -# PARAMETERS: pkgs, py_ver +# PARAMETERS: pkgs, py_ver, upgrade #---------------------------------------------------------------------------------------------------------------------- __install_pip_pkgs() { + _pip_pkgs="$1" _py_exe="$2" _py_pkg=$(echo "$_py_exe" | sed -E "s/\\.//g") _pip_cmd="${_py_exe} -m pip" if [ "${_py_exe}" = "" ]; then - _py_exe='python' + _py_exe='python3' fi __check_pip_allowed @@ -2671,8 +2655,10 @@ __install_pip_pkgs() { else __PACKAGES="${__PACKAGES} ${_py_pkg}-devel" if [ "$DISTRO_NAME_L" = "fedora" ];then + dnf makecache || return 1 __dnf_install_noinput ${__PACKAGES} || return 1 else + yum makecache || return 1 __yum_install_noinput ${__PACKAGES} || return 1 fi fi @@ -2684,17 +2670,6 @@ __install_pip_pkgs() { ${_pip_cmd} install ${_pip_pkgs} || return 1 } -#--- FUNCTION ------------------------------------------------------------------------------------------------------- -# NAME: __install_tornado_pip -# PARAMETERS: python executable -# DESCRIPTION: Return 0 or 1 if successfully able to install tornado<5.0 -#---------------------------------------------------------------------------------------------------------------------- -__install_tornado_pip() { - # OS needs tornado <5.0 from pip - __check_pip_allowed "You need to allow pip based installations (-P) for Tornado <5.0 in order to install Salt on Python 3" - ## install pip if its not installed and install tornado - __install_pip_pkgs "tornado<5.0" "${1}" || return 1 -} #--- FUNCTION ------------------------------------------------------------------------------------------------------- # NAME: __install_pip_deps @@ -2702,6 +2677,7 @@ __install_tornado_pip() { # PARAMETERS: requirements_file #---------------------------------------------------------------------------------------------------------------------- __install_pip_deps() { + # Install virtualenv to system pip before activating virtualenv if thats going to be used # We assume pip pkg is installed since that is distro specific if [ "$_VIRTUALENV_DIR" != "null" ]; then @@ -2732,19 +2708,20 @@ __install_pip_deps() { } # ---------- end of function __install_pip_deps ---------- #--- FUNCTION ------------------------------------------------------------------------------------------------------- -# NAME: __install_salt_from_repo_post_neon +# NAME: __install_salt_from_repo # DESCRIPTION: Return 0 or 1 if successfully able to install. Can provide a different python version to # install pip packages with. If $py_exe is not specified it will use the default python version. # PARAMETERS: py_exe #---------------------------------------------------------------------------------------------------------------------- -__install_salt_from_repo_post_neon() { +__install_salt_from_repo() { + _py_exe="$1" if [ "${_py_exe}" = "" ]; then - _py_exe='python' + _py_exe="python3" fi - echodebug "__install_salt_from_repo_post_neon py_exe=$_py_exe" + echodebug "__install_salt_from_repo py_exe=$_py_exe" _py_version=$(${_py_exe} -c "import sys; print('{0}.{1}'.format(*sys.version_info))") _pip_cmd="pip${_py_version}" @@ -2765,88 +2742,85 @@ __install_salt_from_repo_post_neon() { echodebug "Installed pip version: $(${_pip_cmd} --version)" - CHECK_PIP_VERSION_SCRIPT=$(cat << EOM -import sys -try: - import pip - installed_pip_version=tuple([int(part.strip()) for part in pip.__version__.split('.') if part.isdigit()]) - desired_pip_version=($(echo ${_MINIMUM_PIP_VERSION} | sed 's/\./, /g' )) - if installed_pip_version < desired_pip_version: - print('Desired pip version {!r} > Installed pip version {!r}'.format('.'.join(map(str, desired_pip_version)), '.'.join(map(str, installed_pip_version)))) - sys.exit(1) - print('Desired pip version {!r} < Installed pip version {!r}'.format('.'.join(map(str, desired_pip_version)), '.'.join(map(str, installed_pip_version)))) - sys.exit(0) -except ImportError: - print('Failed to import pip') - sys.exit(1) -EOM -) - if ! ${_py_exe} -c "$CHECK_PIP_VERSION_SCRIPT"; then - # Upgrade pip to at least 1.2 which is when we can start using "python -m pip" - if [ "${_py_version}" = "3.5" ]; then - echodebug "Running '${_pip_cmd} install ${_POST_NEON_PIP_INSTALL_ARGS} pip>=${_MINIMUM_PIP_VERSION},<21.0'" - ${_pip_cmd} install ${_POST_NEON_PIP_INSTALL_ARGS} -v "pip>=${_MINIMUM_PIP_VERSION},<21.0" - else - echodebug "Running '${_pip_cmd} install ${_POST_NEON_PIP_INSTALL_ARGS} pip>=${_MINIMUM_PIP_VERSION}'" - ${_pip_cmd} install ${_POST_NEON_PIP_INSTALL_ARGS} -v "pip>=${_MINIMUM_PIP_VERSION}" - fi - sleep 1 - echodebug "PATH: ${PATH}" - _pip_cmd="pip${_py_version}" - if ! __check_command_exists "${_pip_cmd}"; then - echodebug "The pip binary '${_pip_cmd}' was not found in PATH" - _pip_cmd="pip$(echo "${_py_version}" | cut -c -1)" - if ! __check_command_exists "${_pip_cmd}"; then - echodebug "The pip binary '${_pip_cmd}' was not found in PATH" - _pip_cmd="pip" - if ! __check_command_exists "${_pip_cmd}"; then - echoerror "Unable to find a pip binary" - return 1 - fi - fi - fi - echodebug "Installed pip version: $(${_pip_cmd} --version)" + _setuptools_dep="setuptools>=${_MINIMUM_SETUPTOOLS_VERSION},<${_MAXIMUM_SETUPTOOLS_VERSION}" + if [ "$_PY_MAJOR_VERSION" -ne 3 ]; then + echoerror "Python version is no longer supported, only Python 3" + return 1 fi - _setuptools_dep="setuptools>=${_MINIMUM_SETUPTOOLS_VERSION}" - if [ "$_PY_MAJOR_VERSION" -eq 2 ]; then - # We also lock setuptools to <45 which is the latest release to support both py2 and py3 - _setuptools_dep="${_setuptools_dep},<45" + _USE_BREAK_SYSTEM_PACKAGES="" + # shellcheck disable=SC2086,SC2090 + if { [ ${DISTRO_NAME_L} = "ubuntu" ] && [ "$DISTRO_MAJOR_VERSION" -ge 24 ]; } || \ + [ ${DISTRO_NAME_L} = "debian" ] && [ "$DISTRO_MAJOR_VERSION" -ge 12 ]; then + _USE_BREAK_SYSTEM_PACKAGES="--break-system-packages" + echodebug "OS is greater than / equal Debian 12 or Ubuntu 24.04, using ${_USE_BREAK_SYSTEM_PACKAGES}" fi - echodebug "Running '${_pip_cmd} install wheel ${_setuptools_dep}'" - ${_pip_cmd} install ${_POST_NEON_PIP_INSTALL_ARGS} wheel "${_setuptools_dep}" + echodebug "Running '${_pip_cmd} install ${_USE_BREAK_SYSTEM_PACKAGES} --upgrade ${_PIP_INSTALL_ARGS} wheel ${_setuptools_dep}" + ${_pip_cmd} install ${_USE_BREAK_SYSTEM_PACKAGES} --upgrade ${_PIP_INSTALL_ARGS} wheel "${_setuptools_dep}" - echoinfo "Installing salt using ${_py_exe}" + echoinfo "Installing salt using ${_py_exe}, $(${_py_exe} --version)" cd "${_SALT_GIT_CHECKOUT_DIR}" || return 1 - mkdir /tmp/git/deps - echoinfo "Downloading Salt Dependencies from PyPi" - echodebug "Running '${_pip_cmd} download -d /tmp/git/deps .'" - ${_pip_cmd} download -d /tmp/git/deps . || (echo "Failed to download salt dependencies" && return 1) + mkdir -p /tmp/git/deps + echodebug "Created directory /tmp/git/deps" + + if [ ${DISTRO_NAME_L} = "ubuntu" ] && [ "$DISTRO_MAJOR_VERSION" -eq 22 ]; then + echodebug "Ubuntu 22.04 has problem with base.txt requirements file, not parsing sys_platform == 'win32', upgrading from default pip works" + echodebug "${_pip_cmd} install ${_USE_BREAK_SYSTEM_PACKAGES} --upgrade pip" + ${_pip_cmd} install ${_USE_BREAK_SYSTEM_PACKAGES} --upgrade pip + # shellcheck disable=SC2181 + if [ $? -ne 0 ]; then + echo "Failed to upgrade pip" + return 1 + fi + fi - echoinfo "Installing Downloaded Salt Dependencies" - echodebug "Running '${_pip_cmd} install --ignore-installed ${_POST_NEON_PIP_INSTALL_ARGS} /tmp/git/deps/*'" - ${_pip_cmd} install --ignore-installed ${_POST_NEON_PIP_INSTALL_ARGS} /tmp/git/deps/* || return 1 rm -f /tmp/git/deps/* - echoinfo "Building Salt Python Wheel" + echodebug "Installing Salt requirements from PyPi, ${_pip_cmd} install ${_USE_BREAK_SYSTEM_PACKAGES} --ignore-installed ${_PIP_INSTALL_ARGS} -r requirements/static/ci/py${_py_version}/linux.txt" + ${_pip_cmd} install ${_USE_BREAK_SYSTEM_PACKAGES} --ignore-installed ${_PIP_INSTALL_ARGS} -r "requirements/static/ci/py${_py_version}/linux.txt" + # shellcheck disable=SC2181 + if [ $? -ne 0 ]; then + echo "Failed to install salt requirements for the version of Python ${_py_version}" + return 1 + fi + + if [ "${OS_NAME}" = "Linux" ]; then + ${_pip_cmd} install ${_USE_BREAK_SYSTEM_PACKAGES} --ignore-installed --upgrade ${_PIP_INSTALL_ARGS} "jaraco.functools==4.1.0" || return 1 + ${_pip_cmd} install ${_USE_BREAK_SYSTEM_PACKAGES} --ignore-installed --upgrade ${_PIP_INSTALL_ARGS} "jaraco.text==4.0.0" || return 1 + ${_pip_cmd} install ${_USE_BREAK_SYSTEM_PACKAGES} --ignore-installed --upgrade ${_PIP_INSTALL_ARGS} "jaraco.collections==5.1.0" || return 1 + ${_pip_cmd} install ${_USE_BREAK_SYSTEM_PACKAGES} --ignore-installed --upgrade ${_PIP_INSTALL_ARGS} "jaraco.context==6.0.1" || return 1 + ${_pip_cmd} install ${_USE_BREAK_SYSTEM_PACKAGES} --ignore-installed --upgrade ${_PIP_INSTALL_ARGS} "jaraco.classes==3.4.0" || return 1 + fi + echoinfo "Building Salt Python Wheel" if [ "$_ECHO_DEBUG" -eq $BS_TRUE ]; then SETUP_PY_INSTALL_ARGS="-v" fi echodebug "Running '${_py_exe} setup.py --salt-config-dir=$_SALT_ETC_DIR --salt-cache-dir=${_SALT_CACHE_DIR} ${SETUP_PY_INSTALL_ARGS} bdist_wheel'" - ${_py_exe} setup.py --salt-config-dir="$_SALT_ETC_DIR" --salt-cache-dir="${_SALT_CACHE_DIR}" ${SETUP_PY_INSTALL_ARGS} bdist_wheel || return 1 + ${_py_exe} setup.py --salt-config-dir="$_SALT_ETC_DIR" --salt-cache-dir="${_SALT_CACHE_DIR} ${SETUP_PY_INSTALL_ARGS}" bdist_wheel || return 1 mv dist/salt*.whl /tmp/git/deps/ || return 1 cd "${__SALT_GIT_CHECKOUT_PARENT_DIR}" || return 1 echoinfo "Installing Built Salt Wheel" - ${_pip_cmd} uninstall --yes salt 2>/dev/null || true - echodebug "Running '${_pip_cmd} install --no-deps --force-reinstall ${_POST_NEON_PIP_INSTALL_ARGS} /tmp/git/deps/salt*.whl'" - ${_pip_cmd} install --no-deps --force-reinstall \ - ${_POST_NEON_PIP_INSTALL_ARGS} \ + ${_pip_cmd} uninstall --yes ${_USE_BREAK_SYSTEM_PACKAGES} salt 2>/dev/null || true + + # Hack for getting current Arch working with git-master + if [ "${DISTRO_NAME}" = "Arch Linux" ]; then + _arch_dep="cryptography==42.0.7" # debug matching current Arch version of python-cryptography + echodebug "Running '${_pip_cmd} install --force-reinstall --break-system-packages ${_arch_dep}'" + ${_pip_cmd} install --force-reinstall --break-system-packages "${_arch_dep}" + fi + + echodebug "Running '${_pip_cmd} install ${_USE_BREAK_SYSTEM_PACKAGES} --no-deps --force-reinstall ${_PIP_INSTALL_ARGS} /tmp/git/deps/salt*.whl'" + + echodebug "Running ${_pip_cmd} install ${_USE_BREAK_SYSTEM_PACKAGES} --no-deps --force-reinstall ${_PIP_INSTALL_ARGS} --global-option=--salt-config-dir=$_SALT_ETC_DIR --salt-cache-dir=${_SALT_CACHE_DIR} ${SETUP_PY_INSTALL_ARGS} /tmp/git/deps/salt*.whl" + + ${_pip_cmd} install ${_USE_BREAK_SYSTEM_PACKAGES} --no-deps --force-reinstall \ + ${_PIP_INSTALL_ARGS} \ --global-option="--salt-config-dir=$_SALT_ETC_DIR --salt-cache-dir=${_SALT_CACHE_DIR} ${SETUP_PY_INSTALL_ARGS}" \ /tmp/git/deps/salt*.whl || return 1 @@ -2869,21 +2843,16 @@ EOM return 1 fi return 0 -} # ---------- end of function __install_salt_from_repo_post_neon ---------- +} # ---------- end of function __install_salt_from_repo ---------- -if [ "${_POST_NEON_INSTALL}" -eq $BS_FALSE ]; then - if [ "x${_PY_MAJOR_VERSION}" = "x" ]; then - # Default to python 2 for pre Neon installs - _PY_MAJOR_VERSION=2 - fi -else - if [ "x${_PY_MAJOR_VERSION}" = "x" ]; then - # Default to python 3 for post Neon install - _PY_MAJOR_VERSION=3 - fi +# shellcheck disable=SC2268 +if [ "x${_PY_MAJOR_VERSION}" = "x" ]; then + # Default to python 3 for install + _PY_MAJOR_VERSION=3 fi + ####################################################################################################################### # # Distribution install functions @@ -2967,6 +2936,9 @@ fi # Ubuntu Install Functions # __enable_universe_repository() { + + echodebug "__enable_universe_repository() entry" + if [ "$(grep -R universe /etc/apt/sources.list /etc/apt/sources.list.d/ | grep -v '#')" != "" ]; then # The universe repository is already enabled return 0 @@ -2980,16 +2952,15 @@ __enable_universe_repository() { } __install_saltstack_ubuntu_repository() { + # Workaround for latest non-LTS Ubuntu + echodebug "__install_saltstack_ubuntu_repository() entry" + if { [ "$DISTRO_MAJOR_VERSION" -eq 20 ] && [ "$DISTRO_MINOR_VERSION" -eq 10 ]; } || \ - # remove 22 version when salt packages for 22.04 are available - [ "$DISTRO_MAJOR_VERSION" -eq 21 ] || [ "$DISTRO_MAJOR_VERSION" -eq 22 ]; then + { [ "$DISTRO_MAJOR_VERSION" -eq 22 ] && [ "$DISTRO_MINOR_VERSION" -eq 10 ]; } || \ + { [ "$DISTRO_MAJOR_VERSION" -eq 24 ] && [ "$DISTRO_MINOR_VERSION" -eq 10 ]; } || \ + [ "$DISTRO_MAJOR_VERSION" -eq 21 ] || [ "$DISTRO_MAJOR_VERSION" -eq 23 ] || [ "$DISTRO_MAJOR_VERSION" -eq 25 ]; then echowarn "Non-LTS Ubuntu detected, but stable packages requested. Trying packages for previous LTS release. You may experience problems." - UBUNTU_VERSION=20.04 - UBUNTU_CODENAME="focal" - else - UBUNTU_VERSION=${DISTRO_VERSION} - UBUNTU_CODENAME=${DISTRO_CODENAME} fi # Install downloader backend for GPG keys fetching @@ -3005,33 +2976,48 @@ __install_saltstack_ubuntu_repository() { __PACKAGES="${__PACKAGES} apt-transport-https ca-certificates" fi + ## include hwclock if not part of base OS (23.10 and up) + if [ ! -f /usr/sbin/hwclock ]; then + __PACKAGES="${__PACKAGES} util-linux-extra" + fi + # shellcheck disable=SC2086,SC2090 __apt_get_install_noinput ${__PACKAGES} || return 1 - __PY_VERSION_REPO="apt" - if [ -n "$_PY_EXE" ] && [ "$_PY_MAJOR_VERSION" -eq 3 ]; then - __PY_VERSION_REPO="py3" + if [ -n "$_PY_EXE" ] && [ "$_PY_MAJOR_VERSION" -ne 3 ]; then + echoerror "Python version is not supported, only Python 3" + return 1 fi # SaltStack's stable Ubuntu repository: - SALTSTACK_UBUNTU_URL="${HTTP_VAL}://${_REPO_URL}/${__PY_VERSION_REPO}/ubuntu/${UBUNTU_VERSION}/${__REPO_ARCH}/${STABLE_REV}" - echo "$__REPO_ARCH_DEB $SALTSTACK_UBUNTU_URL $UBUNTU_CODENAME main" > /etc/apt/sources.list.d/salt.list + __fetch_url "/etc/apt/sources.list.d/salt.sources" "https://github.com/saltstack/salt-install-guide/releases/latest/download/salt.sources" + __apt_key_fetch "${HTTP_VAL}://${_REPO_URL}/api/security/keypair/SaltProjectKey/public" || return 1 + __wait_for_apt apt-get update || return 1 - __apt_key_fetch "$SALTSTACK_UBUNTU_URL/salt-archive-keyring.gpg" || return 1 + if [ "$STABLE_REV" != "latest" ]; then + # latest is default + if [ "$(echo "$STABLE_REV" | grep -E '^(3006|3007)$')" != "" ]; then + echo "Package: salt-*" > /etc/apt/preferences.d/salt-pin-1001 + echo "Pin: version $STABLE_REV.*" >> /etc/apt/preferences.d/salt-pin-1001 + echo "Pin-Priority: 1001" >> /etc/apt/preferences.d/salt-pin-1001 + elif [ "$(echo "$STABLE_REV" | grep -E '^([3-9][0-5]{2}[6-9](\.[0-9]*)?)')" != "" ]; then + echo "Package: salt-*" > /etc/apt/preferences.d/salt-pin-1001 + echo "Pin: version $STABLE_REV" >> /etc/apt/preferences.d/salt-pin-1001 + echo "Pin-Priority: 1001" >> /etc/apt/preferences.d/salt-pin-1001 + fi + fi - __wait_for_apt apt-get update || return 1 } __install_saltstack_ubuntu_onedir_repository() { + + echodebug "__install_saltstack_ubuntu_onedir_repository() entry" + # Workaround for latest non-LTS Ubuntu if { [ "$DISTRO_MAJOR_VERSION" -eq 20 ] && [ "$DISTRO_MINOR_VERSION" -eq 10 ]; } || \ - [ "$DISTRO_MAJOR_VERSION" -eq 21 ]; then + { [ "$DISTRO_MAJOR_VERSION" -eq 22 ] && [ "$DISTRO_MINOR_VERSION" -eq 10 ]; } || \ + [ "$DISTRO_MAJOR_VERSION" -eq 21 ] || [ "$DISTRO_MAJOR_VERSION" -eq 23 ] || [ "$DISTRO_MAJOR_VERSION" -eq 25 ]; then echowarn "Non-LTS Ubuntu detected, but stable packages requested. Trying packages for previous LTS release. You may experience problems." - UBUNTU_VERSION=20.04 - UBUNTU_CODENAME="focal" - else - UBUNTU_VERSION=${DISTRO_VERSION} - UBUNTU_CODENAME=${DISTRO_CODENAME} fi # Install downloader backend for GPG keys fetching @@ -3047,25 +3033,37 @@ __install_saltstack_ubuntu_onedir_repository() { __PACKAGES="${__PACKAGES} apt-transport-https ca-certificates" fi + ## include hwclock if not part of base OS (23.10 and up) + if [ "$DISTRO_MAJOR_VERSION" -ge 23 ] && [ ! -f /usr/sbin/hwclock ]; then + __PACKAGES="${__PACKAGES} util-linux-extra" + fi + # shellcheck disable=SC2086,SC2090 __apt_get_install_noinput ${__PACKAGES} || return 1 - __PY_VERSION_REPO="apt" - if [ -n "$_PY_EXE" ] && [ "$_PY_MAJOR_VERSION" -eq 3 ]; then - __PY_VERSION_REPO="py3" - fi - # SaltStack's stable Ubuntu repository: - SALTSTACK_UBUNTU_URL="${HTTP_VAL}://${_REPO_URL}/${_ONEDIR_DIR}/${__PY_VERSION_REPO}/ubuntu/${UBUNTU_VERSION}/${__REPO_ARCH}/${ONEDIR_REV}/" - echo "$__REPO_ARCH_DEB $SALTSTACK_UBUNTU_URL $UBUNTU_CODENAME main" > /etc/apt/sources.list.d/salt.list - - __apt_key_fetch "${SALTSTACK_UBUNTU_URL}salt-archive-keyring.gpg" || return 1 - + __fetch_url "/etc/apt/sources.list.d/salt.sources" "https://github.com/saltstack/salt-install-guide/releases/latest/download/salt.sources" + __apt_key_fetch "${HTTP_VAL}://${_REPO_URL}/api/security/keypair/SaltProjectKey/public" || return 1 __wait_for_apt apt-get update || return 1 + + if [ "$ONEDIR_REV" != "latest" ]; then + # latest is default + if [ "$(echo "$ONEDIR_REV" | grep -E '^(3006|3007)$')" != "" ]; then + echo "Package: salt-*" > /etc/apt/preferences.d/salt-pin-1001 + echo "Pin: version $ONEDIR_REV.*" >> /etc/apt/preferences.d/salt-pin-1001 + echo "Pin-Priority: 1001" >> /etc/apt/preferences.d/salt-pin-1001 + elif [ "$(echo "$ONEDIR_REV" | grep -E '^([3-9][0-5]{2}[6-9](\.[0-9]*)?)')" != "" ]; then + echo "Package: salt-*" > /etc/apt/preferences.d/salt-pin-1001 + echo "Pin: version $ONEDIR_REV" >> /etc/apt/preferences.d/salt-pin-1001 + echo "Pin-Priority: 1001" >> /etc/apt/preferences.d/salt-pin-1001 + fi + fi } install_ubuntu_deps() { - if [ $_DISABLE_REPOS -eq $BS_FALSE ]; then + + echodebug "install_ubuntu_deps() entry" + if [ "$_DISABLE_REPOS" -eq $BS_FALSE ]; then # Install add-apt-repository if ! __check_command_exists add-apt-repository; then __apt_get_install_noinput software-properties-common || return 1 @@ -3078,24 +3076,19 @@ install_ubuntu_deps() { __PACKAGES='' - if [ "$DISTRO_MAJOR_VERSION" -lt 16 ]; then - # Minimal systems might not have upstart installed, install it - __PACKAGES="upstart" - fi - - if [ -n "$_PY_EXE" ] && [ "$_PY_MAJOR_VERSION" -eq 3 ]; then - PY_PKG_VER=3 - else - PY_PKG_VER="" + if [ -n "$_PY_EXE" ] && [ "$_PY_MAJOR_VERSION" -ne 3 ]; then + echoerror "Python version is no longer supported, only Python 3" + return 1 fi - if [ "$DISTRO_MAJOR_VERSION" -ge 16 ] && [ -z "$_PY_EXE" ]; then - __PACKAGES="${__PACKAGES} python2.7" + if [ "$DISTRO_MAJOR_VERSION" -ge 20 ] && [ -z "$_PY_EXE" ]; then + __PACKAGES="${__PACKAGES} python${PY_PKG_VER}" fi if [ "$_VIRTUALENV_DIR" != "null" ]; then - __PACKAGES="${__PACKAGES} python-virtualenv" + __PACKAGES="${__PACKAGES} python${PY_PKG_VER}-virtualenv" fi + # Need python-apt for managing packages via Salt __PACKAGES="${__PACKAGES} python${PY_PKG_VER}-apt" @@ -3108,6 +3101,14 @@ install_ubuntu_deps() { # Additionally install procps and pciutils which allows for Docker bootstraps. See 366#issuecomment-39666813 __PACKAGES="${__PACKAGES} procps pciutils" + # ensure sudo, ps installed + __PACKAGES="${__PACKAGES} sudo" + + ## include hwclock if not part of base OS (23.10 and up) + if [ ! -f /usr/sbin/hwclock ]; then + __PACKAGES="${__PACKAGES} util-linux-extra" + fi + # shellcheck disable=SC2086,SC2090 __apt_get_install_noinput ${__PACKAGES} || return 1 @@ -3121,14 +3122,10 @@ install_ubuntu_deps() { } install_ubuntu_stable_deps() { - if [ "${_SLEEP}" -eq "${__DEFAULT_SLEEP}" ] && [ "$DISTRO_MAJOR_VERSION" -lt 16 ]; then - # The user did not pass a custom sleep value as an argument, let's increase the default value - echodebug "On Ubuntu systems we increase the default sleep value to 10." - echodebug "See https://github.com/saltstack/salt/issues/12248 for more info." - _SLEEP=10 - fi - if [ $_START_DAEMONS -eq $BS_FALSE ]; then + echodebug "install_ubuntu_stable_deps() entry" + + if [ "$_START_DAEMONS" -eq $BS_FALSE ]; then echowarn "Not starting daemons on Debian based distributions is not working mostly because starting them is the default behaviour." fi @@ -3139,7 +3136,8 @@ install_ubuntu_stable_deps() { if [ "${_UPGRADE_SYS}" -eq $BS_TRUE ]; then if [ "${_INSECURE_DL}" -eq $BS_TRUE ]; then - if [ "$DISTRO_MAJOR_VERSION" -ge 20 ] || [ "$DISTRO_MAJOR_VERSION" -ge 21 ] || [ "$DISTRO_MAJOR_VERSION" -ge 22 ]; then + ## apt-key is deprecated + if [ "$DISTRO_MAJOR_VERSION" -ge 20 ]; then __apt_get_install_noinput --allow-unauthenticated debian-archive-keyring && apt-get update || return 1 else __apt_get_install_noinput --allow-unauthenticated debian-archive-keyring && @@ -3159,6 +3157,9 @@ install_ubuntu_stable_deps() { } install_ubuntu_git_deps() { + + echodebug "install_ubuntu_git_deps() entry" + __wait_for_apt apt-get update || return 1 if ! __check_command_exists git; then @@ -3169,67 +3170,36 @@ install_ubuntu_git_deps() { __apt_get_install_noinput ca-certificates fi + # shellcheck disable=SC2119 __git_clone_and_checkout || return 1 - if [ -n "$_PY_EXE" ] && [ "$_PY_MAJOR_VERSION" -eq 3 ]; then - PY_PKG_VER=3 - else - PY_PKG_VER="" + if [ -n "$_PY_EXE" ] && [ "$_PY_MAJOR_VERSION" -ne 3 ]; then + echoerror "Python version is no longer supported, only Python 3" + return 1 fi - if [ "${_POST_NEON_INSTALL}" -eq $BS_FALSE ]; then - - __PACKAGES="" - - # See how we are installing packages - if [ "${_PIP_ALL}" -eq $BS_TRUE ]; then - __PACKAGES="${__PACKAGES} python-dev swig libssl-dev libzmq3 libzmq3-dev" - - if ! __check_command_exists pip; then - __PACKAGES="${__PACKAGES} python-setuptools python-pip" - fi - - # Get just the apt packages that are required to build all the pythons - # shellcheck disable=SC2086 - __apt_get_install_noinput ${__PACKAGES} || return 1 - # Install the pythons from requirements (only zmq for now) - __install_pip_deps "${_SALT_GIT_CHECKOUT_DIR}/requirements/zeromq.txt" || return 1 - else - install_ubuntu_stable_deps || return 1 + __PACKAGES="python${PY_PKG_VER}-dev python${PY_PKG_VER}-pip python${PY_PKG_VER}-setuptools gcc" + if [ "$DISTRO_MAJOR_VERSION" -ge 22 ]; then + __PACKAGES="${__PACKAGES} g++" + fi - if [ -n "$_PY_EXE" ] && [ "$_PY_MAJOR_VERSION" -eq 3 ]; then - __PACKAGES="${__PACKAGES} python3-setuptools" - else - # There is no m2crypto package for Py3 at this time - only install for Py2 - __PACKAGES="${__PACKAGES} python-m2crypto" - fi + ## include hwclock if not part of base OS (23.10 and up) + if [ ! -f /usr/sbin/hwclock ]; then + __PACKAGES="${__PACKAGES} util-linux-extra" + fi - __PACKAGES="${__PACKAGES} python${PY_PKG_VER}-crypto python${PY_PKG_VER}-jinja2" - __PACKAGES="${__PACKAGES} python${PY_PKG_VER}-msgpack python${PY_PKG_VER}-requests" - __PACKAGES="${__PACKAGES} python${PY_PKG_VER}-tornado python${PY_PKG_VER}-yaml" - __PACKAGES="${__PACKAGES} python${PY_PKG_VER}-zmq" - __PACKAGES="${__PACKAGES} python-concurrent.futures" + # Additionally install procps and pciutils which allows for Docker bootstraps. See 366#issuecomment-39666813 + __PACKAGES="${__PACKAGES} procps pciutils" - if [ "$_INSTALL_CLOUD" -eq $BS_TRUE ]; then - # Install python-libcloud if asked to - __PACKAGES="${__PACKAGES} python${PY_PKG_VER}-libcloud" - fi + # ensure sudo installed + __PACKAGES="${__PACKAGES} sudo" - # shellcheck disable=SC2086 - __apt_get_install_noinput ${__PACKAGES} || return 1 - fi - else - __PACKAGES="python${PY_PKG_VER}-dev python${PY_PKG_VER}-pip python${PY_PKG_VER}-setuptools gcc" - if [ "$DISTRO_MAJOR_VERSION" -ge 22 ]; then - __PACKAGES="${__PACKAGES} g++" - fi - # shellcheck disable=SC2086 - __apt_get_install_noinput ${__PACKAGES} || return 1 - fi + # shellcheck disable=SC2086 + __apt_get_install_noinput ${__PACKAGES} || return 1 # Let's trigger config_salt() if [ "$_TEMP_CONFIG_DIR" = "null" ]; then - _TEMP_CONFIG_DIR="${_SALT_GIT_CHECKOUT_DIR}/conf/" + _TEMP_CONFIG_DIR="${_SALT_GIT_CHECKOUT_DIR}/conf" CONFIG_SALT_FUNC="config_salt" fi @@ -3237,14 +3207,8 @@ install_ubuntu_git_deps() { } install_ubuntu_onedir_deps() { - if [ "${_SLEEP}" -eq "${__DEFAULT_SLEEP}" ] && [ "$DISTRO_MAJOR_VERSION" -lt 16 ]; then - # The user did not pass a custom sleep value as an argument, let's increase the default value - echodebug "On Ubuntu systems we increase the default sleep value to 10." - echodebug "See https://github.com/saltstack/salt/issues/12248 for more info." - _SLEEP=10 - fi - if [ $_START_DAEMONS -eq $BS_FALSE ]; then + if [ "$_START_DAEMONS" -eq $BS_FALSE ]; then echowarn "Not starting daemons on Debian based distributions is not working mostly because starting them is the default behaviour." fi @@ -3255,7 +3219,8 @@ install_ubuntu_onedir_deps() { if [ "${_UPGRADE_SYS}" -eq $BS_TRUE ]; then if [ "${_INSECURE_DL}" -eq $BS_TRUE ]; then - if [ "$DISTRO_MAJOR_VERSION" -ge 20 ] || [ "$DISTRO_MAJOR_VERSION" -ge 21 ]; then + ## apt-key is deprecated + if [ "$DISTRO_MAJOR_VERSION" -ge 20 ]; then __apt_get_install_noinput --allow-unauthenticated debian-archive-keyring && apt-get update || return 1 else __apt_get_install_noinput --allow-unauthenticated debian-archive-keyring && @@ -3275,6 +3240,9 @@ install_ubuntu_onedir_deps() { } install_ubuntu_stable() { + + __wait_for_apt apt-get update || return 1 + __PACKAGES="" if [ "$_INSTALL_CLOUD" -eq $BS_TRUE ];then @@ -3290,6 +3258,10 @@ install_ubuntu_stable() { __PACKAGES="${__PACKAGES} salt-syndic" fi + if [ "$_INSTALL_SALT_API" -eq $BS_TRUE ]; then + __PACKAGES="${__PACKAGES} salt-api" + fi + # shellcheck disable=SC2086 __apt_get_install_noinput ${__PACKAGES} || return 1 @@ -3297,6 +3269,7 @@ install_ubuntu_stable() { } install_ubuntu_git() { + # Activate virtualenv before install if [ "${_VIRTUALENV_DIR}" != "null" ]; then __activate_virtualenv || return 1 @@ -3305,35 +3278,30 @@ install_ubuntu_git() { if [ -n "$_PY_EXE" ]; then _PYEXE=${_PY_EXE} else - _PYEXE=python2.7 + echoerror "Python 2 is no longer supported, only Python 3" + return 1 fi - if [ "${_POST_NEON_INSTALL}" -eq $BS_TRUE ]; then - # We can use --prefix on debian based ditributions - if [ -n "$_PY_EXE" ] && [ "$_PY_MAJOR_VERSION" -eq 3 ]; then - _POST_NEON_PIP_INSTALL_ARGS="--target=/usr/lib/python3/dist-packages --install-option=--install-scripts=/usr/bin" - else - _POST_NEON_PIP_INSTALL_ARGS="--target=/usr/lib/python2.7/dist-packages --install-option=--install-scripts=/usr/bin" - fi - _POST_NEON_PIP_INSTALL_ARGS="" - __install_salt_from_repo_post_neon "${_PY_EXE}" || return 1 - cd "${_SALT_GIT_CHECKOUT_DIR}" || return 1 - sed -i 's:/usr/bin:/usr/local/bin:g' pkg/*.service - return 0 - fi + _PIP_INSTALL_ARGS="" + __install_salt_from_repo "${_PY_EXE}" || return 1 + cd "${_SALT_GIT_CHECKOUT_DIR}" || return 1 - if [ -f "${_SALT_GIT_CHECKOUT_DIR}/salt/syspaths.py" ]; then - # shellcheck disable=SC2086 - "${_PYEXE}" setup.py --salt-config-dir="$_SALT_ETC_DIR" --salt-cache-dir="${_SALT_CACHE_DIR}" ${SETUP_PY_INSTALL_ARGS} install --install-layout=deb || return 1 + # Account for new path for services files in later releases + if [ -d "pkg/common" ]; then + _SERVICE_DIR="pkg/common" else - # shellcheck disable=SC2086 - "${_PYEXE}" setup.py ${SETUP_PY_INSTALL_ARGS} install --install-layout=deb || return 1 + _SERVICE_DIR="pkg" fi + sed -i 's:/usr/bin:/usr/local/bin:g' "${_SERVICE_DIR}"/*.service return 0 + } install_ubuntu_onedir() { + + __wait_for_apt apt-get update || return 1 + __PACKAGES="" if [ "$_INSTALL_CLOUD" -eq $BS_TRUE ];then @@ -3349,6 +3317,10 @@ install_ubuntu_onedir() { __PACKAGES="${__PACKAGES} salt-syndic" fi + if [ "$_INSTALL_SALT_API" -eq $BS_TRUE ]; then + __PACKAGES="${__PACKAGES} salt-api" + fi + # shellcheck disable=SC2086 __apt_get_install_noinput ${__PACKAGES} || return 1 @@ -3356,6 +3328,7 @@ install_ubuntu_onedir() { } install_ubuntu_stable_post() { + for fname in api master minion syndic; do # Skip salt-api since the service should be opt-in and not necessarily started on boot [ $fname = "api" ] && continue @@ -3365,7 +3338,7 @@ install_ubuntu_stable_post() { [ $fname = "master" ] && [ "$_INSTALL_MASTER" -eq $BS_FALSE ] && continue [ $fname = "syndic" ] && [ "$_INSTALL_SYNDIC" -eq $BS_FALSE ] && continue - if [ -f /bin/systemctl ]; then + if [ "$_SYSTEMD_FUNCTIONAL" -eq $BS_TRUE ]; then # Using systemd /bin/systemctl is-enabled salt-$fname.service > /dev/null 2>&1 || ( /bin/systemctl preset salt-$fname.service > /dev/null 2>&1 && @@ -3382,6 +3355,7 @@ install_ubuntu_stable_post() { } install_ubuntu_git_post() { + for fname in api master minion syndic; do # Skip if not meant to be installed [ $fname = "api" ] && \ @@ -3390,8 +3364,15 @@ install_ubuntu_git_post() { [ $fname = "minion" ] && [ "$_INSTALL_MINION" -eq $BS_FALSE ] && continue [ $fname = "syndic" ] && [ "$_INSTALL_SYNDIC" -eq $BS_FALSE ] && continue - if [ -f /bin/systemctl ] && [ "$DISTRO_MAJOR_VERSION" -ge 16 ]; then - __copyfile "${_SALT_GIT_CHECKOUT_DIR}/pkg/salt-${fname}.service" "/lib/systemd/system/salt-${fname}.service" + # Account for new path for services files in later releases + if [ -f "${_SALT_GIT_CHECKOUT_DIR}/pkg/common/salt-${fname}.service" ]; then + _SERVICE_DIR="${_SALT_GIT_CHECKOUT_DIR}/pkg/common" + else + _SERVICE_DIR="${_SALT_GIT_CHECKOUT_DIR}/pkg" + fi + + if [ "$_SYSTEMD_FUNCTIONAL" -eq $BS_TRUE ] && [ "$DISTRO_MAJOR_VERSION" -ge 16 ]; then + __copyfile "${_SERVICE_DIR}/salt-${fname}.service" "/lib/systemd/system/salt-${fname}.service" # Skip salt-api since the service should be opt-in and not necessarily started on boot [ $fname = "api" ] && continue @@ -3399,21 +3380,6 @@ install_ubuntu_git_post() { systemctl is-enabled salt-$fname.service || (systemctl preset salt-$fname.service && systemctl enable salt-$fname.service) sleep 1 systemctl daemon-reload - elif [ -f /sbin/initctl ]; then - _upstart_conf="/etc/init/salt-$fname.conf" - # We have upstart support - echodebug "There's upstart support" - if [ ! -f $_upstart_conf ]; then - # upstart does not know about our service, let's copy the proper file - echowarn "Upstart does not appear to know about salt-$fname" - echodebug "Copying ${_SALT_GIT_CHECKOUT_DIR}/pkg/salt-$fname.upstart to $_upstart_conf" - __copyfile "${_SALT_GIT_CHECKOUT_DIR}/pkg/salt-${fname}.upstart" "$_upstart_conf" - # Set service to know about virtualenv - if [ "${_VIRTUALENV_DIR}" != "null" ]; then - echo "SALT_USE_VIRTUALENV=${_VIRTUALENV_DIR}" > /etc/default/salt-${fname} - fi - /sbin/initctl reload-configuration || return 1 - fi # No upstart support in Ubuntu!? elif [ -f "${_SALT_GIT_CHECKOUT_DIR}/pkg/salt-${fname}.init" ]; then echodebug "There's NO upstart support!?" @@ -3426,7 +3392,7 @@ install_ubuntu_git_post() { update-rc.d salt-$fname defaults else - echoerror "Neither upstart nor init.d was setup for salt-$fname" + echoerror "No init.d was setup for salt-$fname" fi done @@ -3434,13 +3400,12 @@ install_ubuntu_git_post() { } install_ubuntu_restart_daemons() { - [ $_START_DAEMONS -eq $BS_FALSE ] && return - # Ensure upstart configs / systemd units are loaded - if [ -f /bin/systemctl ] && [ "$DISTRO_MAJOR_VERSION" -ge 16 ]; then + [ "$_START_DAEMONS" -eq $BS_FALSE ] && return + + # Ensure systemd units are loaded + if [ "$_SYSTEMD_FUNCTIONAL" -eq $BS_TRUE ] && [ "$DISTRO_MAJOR_VERSION" -ge 16 ]; then systemctl daemon-reload - elif [ -f /sbin/initctl ]; then - /sbin/initctl reload-configuration fi for fname in api master minion syndic; do @@ -3452,7 +3417,7 @@ install_ubuntu_restart_daemons() { [ $fname = "minion" ] && [ "$_INSTALL_MINION" -eq $BS_FALSE ] && continue [ $fname = "syndic" ] && [ "$_INSTALL_SYNDIC" -eq $BS_FALSE ] && continue - if [ -f /bin/systemctl ] && [ "$DISTRO_MAJOR_VERSION" -ge 16 ]; then + if [ "$_SYSTEMD_FUNCTIONAL" -eq $BS_TRUE ] && [ "$DISTRO_MAJOR_VERSION" -ge 16 ]; then echodebug "There's systemd support while checking salt-$fname" systemctl stop salt-$fname > /dev/null 2>&1 systemctl start salt-$fname.service && continue @@ -3464,18 +3429,6 @@ install_ubuntu_restart_daemons() { fi fi - if [ -f /sbin/initctl ]; then - echodebug "There's upstart support while checking salt-$fname" - - if status salt-$fname 2>/dev/null | grep -q running; then - stop salt-$fname || (echodebug "Failed to stop salt-$fname" && return 1) - fi - - start salt-$fname && continue - # We failed to start the service, let's test the SysV code below - echodebug "Failed to start salt-$fname using Upstart" - fi - if [ ! -f /etc/init.d/salt-$fname ]; then echoerror "No init.d support for salt-$fname was found" return 1 @@ -3489,6 +3442,7 @@ install_ubuntu_restart_daemons() { } install_ubuntu_check_services() { + for fname in api master minion syndic; do # Skip salt-api since the service should be opt-in and not necessarily started on boot [ $fname = "api" ] && continue @@ -3498,10 +3452,8 @@ install_ubuntu_check_services() { [ $fname = "master" ] && [ "$_INSTALL_MASTER" -eq $BS_FALSE ] && continue [ $fname = "syndic" ] && [ "$_INSTALL_SYNDIC" -eq $BS_FALSE ] && continue - if [ -f /bin/systemctl ] && [ "$DISTRO_MAJOR_VERSION" -ge 16 ]; then + if [ "$_SYSTEMD_FUNCTIONAL" -eq $BS_TRUE ] && [ "$DISTRO_MAJOR_VERSION" -ge 16 ]; then __check_services_systemd salt-$fname || return 1 - elif [ -f /sbin/initctl ] && [ -f /etc/init/salt-${fname}.conf ]; then - __check_services_upstart salt-$fname || return 1 elif [ -f /etc/init.d/salt-$fname ]; then __check_services_debian salt-$fname || return 1 fi @@ -3519,12 +3471,12 @@ install_ubuntu_check_services() { # Debian Install Functions # __install_saltstack_debian_repository() { - DEBIAN_RELEASE="$DISTRO_MAJOR_VERSION" - DEBIAN_CODENAME="$DISTRO_CODENAME" - __PY_VERSION_REPO="apt" - if [ -n "$_PY_EXE" ] && [ "$_PY_MAJOR_VERSION" -eq 3 ]; then - __PY_VERSION_REPO="py3" + echodebug "__install_saltstack_debian_repository() entry" + + if [ -n "$_PY_EXE" ] && [ "$_PY_MAJOR_VERSION" -ne 3 ]; then + echoerror "Python version is no longer supported, only Python 3" + return 1 fi # Install downloader backend for GPG keys fetching @@ -3543,22 +3495,31 @@ __install_saltstack_debian_repository() { # shellcheck disable=SC2086,SC2090 __apt_get_install_noinput ${__PACKAGES} || return 1 - # amd64 is just a part of repository URI, 32-bit pkgs are hosted under the same location - SALTSTACK_DEBIAN_URL="${HTTP_VAL}://${_REPO_URL}/${__PY_VERSION_REPO}/debian/${DEBIAN_RELEASE}/${__REPO_ARCH}/${STABLE_REV}" - echo "$__REPO_ARCH_DEB $SALTSTACK_DEBIAN_URL $DEBIAN_CODENAME main" > "/etc/apt/sources.list.d/salt.list" - - __apt_key_fetch "$SALTSTACK_DEBIAN_URL/salt-archive-keyring.gpg" || return 1 - + __fetch_url "/etc/apt/sources.list.d/salt.sources" "https://github.com/saltstack/salt-install-guide/releases/latest/download/salt.sources" + __apt_key_fetch "${HTTP_VAL}://${_REPO_URL}/api/security/keypair/SaltProjectKey/public" || return 1 __wait_for_apt apt-get update || return 1 + + if [ "$STABLE_REV" != "latest" ]; then + # latest is default + if [ "$(echo "$STABLE_REV" | grep -E '^(3006|3007)$')" != "" ]; then + echo "Package: salt-*" > /etc/apt/preferences.d/salt-pin-1001 + echo "Pin: version $STABLE_REV.*" >> /etc/apt/preferences.d/salt-pin-1001 + echo "Pin-Priority: 1001" >> /etc/apt/preferences.d/salt-pin-1001 + elif [ "$(echo "$STABLE_REV" | grep -E '^([3-9][0-5]{2}[6-9](\.[0-9]*)?)')" != "" ]; then + echo "Package: salt-*" > /etc/apt/preferences.d/salt-pin-1001 + echo "Pin: version $STABLE_REV" >> /etc/apt/preferences.d/salt-pin-1001 + echo "Pin-Priority: 1001" >> /etc/apt/preferences.d/salt-pin-1001 + fi + fi } __install_saltstack_debian_onedir_repository() { - DEBIAN_RELEASE="$DISTRO_MAJOR_VERSION" - DEBIAN_CODENAME="$DISTRO_CODENAME" - __PY_VERSION_REPO="apt" - if [ -n "$_PY_EXE" ] && [ "$_PY_MAJOR_VERSION" -eq 3 ]; then - __PY_VERSION_REPO="py3" + echodebug "__install_saltstack_debian_onedir_repository() entry" + + if [ -n "$_PY_EXE" ] && [ "$_PY_MAJOR_VERSION" -ne 3 ]; then + echoerror "Python version is no longer supported, only Python 3" + return 1 fi # Install downloader backend for GPG keys fetching @@ -3577,70 +3538,29 @@ __install_saltstack_debian_onedir_repository() { # shellcheck disable=SC2086,SC2090 __apt_get_install_noinput ${__PACKAGES} || return 1 - # amd64 is just a part of repository URI, 32-bit pkgs are hosted under the same location - SALTSTACK_DEBIAN_URL="${HTTP_VAL}://${_REPO_URL}/${_ONEDIR_DIR}/${__PY_VERSION_REPO}/debian/${DEBIAN_RELEASE}/${__REPO_ARCH}/${ONEDIR_REV}/" - echo "$__REPO_ARCH_DEB $SALTSTACK_DEBIAN_URL $DEBIAN_CODENAME main" > "/etc/apt/sources.list.d/salt.list" - - __apt_key_fetch "${SALTSTACK_DEBIAN_URL}salt-archive-keyring.gpg" || return 1 - - __wait_for_apt apt-get update || return 1 -} - -install_debian_deps() { - if [ $_START_DAEMONS -eq $BS_FALSE ]; then - echowarn "Not starting daemons on Debian based distributions is not working mostly because starting them is the default behaviour." - fi - - # No user interaction, libc6 restart services for example - export DEBIAN_FRONTEND=noninteractive - + __fetch_url "/etc/apt/sources.list.d/salt.sources" "https://github.com/saltstack/salt-install-guide/releases/latest/download/salt.sources" + __apt_key_fetch "${HTTP_VAL}://${_REPO_URL}/api/security/keypair/SaltProjectKey/public" || return 1 __wait_for_apt apt-get update || return 1 - if [ "${_UPGRADE_SYS}" -eq $BS_TRUE ]; then - # Try to update GPG keys first if allowed - if [ "${_INSECURE_DL}" -eq $BS_TRUE ]; then - if [ "$DISTRO_MAJOR_VERSION" -ge 10 ]; then - __apt_get_install_noinput --allow-unauthenticated debian-archive-keyring && apt-get update || return 1 - else - __apt_get_install_noinput --allow-unauthenticated debian-archive-keyring && - apt-key update && apt-get update || return 1 - fi + if [ "$ONEDIR_REV" != "latest" ]; then + # latest is default + if [ "$(echo "$ONEDIR_REV" | grep -E '^(3006|3007)$')" != "" ]; then + echo "Package: salt-*" > /etc/apt/preferences.d/salt-pin-1001 + echo "Pin: version $ONEDIR_REV.*" >> /etc/apt/preferences.d/salt-pin-1001 + echo "Pin-Priority: 1001" >> /etc/apt/preferences.d/salt-pin-1001 + elif [ "$(echo "$ONEDIR_REV" | grep -E '^([3-9][0-5]{2}[6-9](\.[0-9]*)?)')" != "" ]; then + echo "Package: salt-*" > /etc/apt/preferences.d/salt-pin-1001 + echo "Pin: version $ONEDIR_REV" >> /etc/apt/preferences.d/salt-pin-1001 + echo "Pin-Priority: 1001" >> /etc/apt/preferences.d/salt-pin-1001 fi - - __apt_get_upgrade_noinput || return 1 - fi - - if [ -n "$_PY_EXE" ] && [ "$_PY_MAJOR_VERSION" -eq 3 ]; then - PY_PKG_VER=3 - else - PY_PKG_VER="" - fi - - # Additionally install procps and pciutils which allows for Docker bootstraps. See 366#issuecomment-39666813 - __PACKAGES='procps pciutils' - - # YAML module is used for generating custom master/minion configs - __PACKAGES="${__PACKAGES} python${PY_PKG_VER}-yaml" - - # shellcheck disable=SC2086 - __apt_get_install_noinput ${__PACKAGES} || return 1 - - if [ "$_DISABLE_REPOS" -eq "$BS_FALSE" ] || [ "$_CUSTOM_REPO_URL" != "null" ]; then - __check_dpkg_architecture || return 1 - __install_saltstack_debian_repository || return 1 - fi - - if [ "${_EXTRA_PACKAGES}" != "" ]; then - echoinfo "Installing the following extra packages as requested: ${_EXTRA_PACKAGES}" - # shellcheck disable=SC2086 - __apt_get_install_noinput ${_EXTRA_PACKAGES} || return 1 fi - - return 0 } install_debian_onedir_deps() { - if [ $_START_DAEMONS -eq $BS_FALSE ]; then + + echodebug "install_debian_onedir_git_deps() entry" + + if [ "$_START_DAEMONS" -eq $BS_FALSE ]; then echowarn "Not starting daemons on Debian based distributions is not working mostly because starting them is the default behaviour." fi @@ -3663,10 +3583,9 @@ install_debian_onedir_deps() { __apt_get_upgrade_noinput || return 1 fi - if [ -n "$_PY_EXE" ] && [ "$_PY_MAJOR_VERSION" -eq 3 ]; then - PY_PKG_VER=3 - else - PY_PKG_VER="" + if [ -n "$_PY_EXE" ] && [ "$_PY_MAJOR_VERSION" -ne 3 ]; then + echoerror "Python version is no longer supported, only Python 3" + return 1 fi # Additionally install procps and pciutils which allows for Docker bootstraps. See 366#issuecomment-39666813 @@ -3675,6 +3594,9 @@ install_debian_onedir_deps() { # YAML module is used for generating custom master/minion configs __PACKAGES="${__PACKAGES} python${PY_PKG_VER}-yaml" + # ensure sudo installed + __PACKAGES="${__PACKAGES} sudo" + # shellcheck disable=SC2086 __apt_get_install_noinput ${__PACKAGES} || return 1 @@ -3692,283 +3614,134 @@ install_debian_onedir_deps() { return 0 } -install_debian_git_pre() { +install_debian_git_deps() { + + echodebug "install_debian_git_deps() entry" + + __wait_for_apt apt-get update || return 1 + if ! __check_command_exists git; then - __apt_get_install_noinput git || return 1 + __apt_get_install_noinput git-core || return 1 fi if [ "$_INSECURE_DL" -eq $BS_FALSE ] && [ "${_SALT_REPO_URL%%://*}" = "https" ]; then __apt_get_install_noinput ca-certificates fi + # shellcheck disable=SC2119 __git_clone_and_checkout || return 1 - # Let's trigger config_salt() - if [ "$_TEMP_CONFIG_DIR" = "null" ]; then - _TEMP_CONFIG_DIR="${_SALT_GIT_CHECKOUT_DIR}/conf/" - CONFIG_SALT_FUNC="config_salt" + if [ -n "$_PY_EXE" ] && [ "$_PY_MAJOR_VERSION" -ne 3 ]; then + echoerror "Python version is no longer supported, only Python 3" + return 1 fi -} -install_debian_git_deps() { - install_debian_deps || return 1 - install_debian_git_pre || return 1 + __PACKAGES="python${PY_PKG_VER}-dev python${PY_PKG_VER}-pip python${PY_PKG_VER}-setuptools gcc" + echodebug "install_debian_git_deps() Installing ${__PACKAGES}" - if [ -n "$_PY_EXE" ] && [ "$_PY_MAJOR_VERSION" -eq 3 ]; then - PY_PKG_VER=3 - else - PY_PKG_VER="" - fi + # Additionally install procps and pciutils which allows for Docker bootstraps. See 366#issuecomment-39666813 + __PACKAGES="${__PACKAGES} procps pciutils" - if [ "${_POST_NEON_INSTALL}" -eq $BS_FALSE ]; then - __PACKAGES="libzmq3 libzmq3-dev lsb-release python-apt python-backports.ssl-match-hostname" - __PACKAGES="${__PACKAGES} python-crypto python-jinja2 python-msgpack python-m2crypto" - __PACKAGES="${__PACKAGES} python-requests python-tornado python-yaml python-zmq" + # ensure sudo installed + __PACKAGES="${__PACKAGES} sudo" - if [ "$_INSTALL_CLOUD" -eq $BS_TRUE ]; then - # Install python-libcloud if asked to - __PACKAGES="${__PACKAGES} python-libcloud" - fi + # shellcheck disable=SC2086 + __apt_get_install_noinput ${__PACKAGES} || return 1 - # shellcheck disable=SC2086 - __apt_get_install_noinput ${__PACKAGES} || return 1 - else - __PACKAGES="python${PY_PKG_VER}-dev python${PY_PKG_VER}-pip python${PY_PKG_VER}-setuptools gcc" - echodebug "install_debian_git_deps() Installing ${__PACKAGES}" - # shellcheck disable=SC2086 - __apt_get_install_noinput ${__PACKAGES} || return 1 + # Let's trigger config_salt() + if [ "$_TEMP_CONFIG_DIR" = "null" ]; then + _TEMP_CONFIG_DIR="${_SALT_GIT_CHECKOUT_DIR}/conf" + CONFIG_SALT_FUNC="config_salt" fi return 0 } -install_debian_7_git_deps() { - install_debian_deps || return 1 - install_debian_git_deps || return 1 +install_debian_stable() { - return 0 -} + __wait_for_apt apt-get update || return 1 -install_debian_8_git_deps() { + __PACKAGES="" - if [ "${_POST_NEON_INSTALL}" -eq $BS_TRUE ]; then - echodebug "CALLING install_debian_git_deps" - install_debian_git_deps || return 1 - return 0 + if [ "$_INSTALL_CLOUD" -eq $BS_TRUE ];then + __PACKAGES="${__PACKAGES} salt-cloud" fi - - install_debian_deps || return 1 - - if ! __check_command_exists git; then - __apt_get_install_noinput git || return 1 + if [ "$_INSTALL_MASTER" -eq $BS_TRUE ]; then + __PACKAGES="${__PACKAGES} salt-master" fi - - if [ "$_INSECURE_DL" -eq $BS_FALSE ] && [ "${_SALT_REPO_URL%%://*}" = "https" ]; then - __apt_get_install_noinput ca-certificates + if [ "$_INSTALL_MINION" -eq $BS_TRUE ]; then + __PACKAGES="${__PACKAGES} salt-minion" fi - - __git_clone_and_checkout || return 1 - - __PACKAGES="libzmq3 libzmq3-dev lsb-release python-apt python-crypto python-jinja2" - __PACKAGES="${__PACKAGES} python-m2crypto python-msgpack python-requests python-systemd" - __PACKAGES="${__PACKAGES} python-yaml python-zmq python-concurrent.futures" - - if [ "$_INSTALL_CLOUD" -eq $BS_TRUE ]; then - # Install python-libcloud if asked to - __PACKAGES="${__PACKAGES} python-libcloud" + if [ "$_INSTALL_SYNDIC" -eq $BS_TRUE ]; then + __PACKAGES="${__PACKAGES} salt-syndic" fi - __PIP_PACKAGES='' - if (__check_pip_allowed >/dev/null 2>&1); then - __PIP_PACKAGES='tornado<5.0' - # Install development environment for building tornado Python module - __PACKAGES="${__PACKAGES} build-essential python-dev" - - if ! __check_command_exists pip; then - __PACKAGES="${__PACKAGES} python-pip" - fi - # Attempt to configure backports repo on non-x86_64 system - elif [ $_DISABLE_REPOS -eq $BS_FALSE ] && [ "$DPKG_ARCHITECTURE" != "amd64" ]; then - # Check if Debian Backports repo already configured - if ! apt-cache policy | grep -q 'Debian Backports'; then - echo 'deb http://httpredir.debian.org/debian jessie-backports main' > \ - /etc/apt/sources.list.d/backports.list - fi - - __wait_for_apt apt-get update || return 1 - - # python-tornado package should be installed from backports repo - __PACKAGES="${__PACKAGES} python-backports.ssl-match-hostname python-tornado/jessie-backports" - else - __PACKAGES="${__PACKAGES} python-backports.ssl-match-hostname python-tornado" + if [ "$_INSTALL_SALT_API" -eq $BS_TRUE ]; then + __PACKAGES="${__PACKAGES} salt-api" fi # shellcheck disable=SC2086 __apt_get_install_noinput ${__PACKAGES} || return 1 - if [ "${__PIP_PACKAGES}" != "" ]; then - # shellcheck disable=SC2086,SC2090 - pip install -U ${__PIP_PACKAGES} || return 1 - fi + return 0 +} - # Let's trigger config_salt() - if [ "$_TEMP_CONFIG_DIR" = "null" ]; then - _TEMP_CONFIG_DIR="${_SALT_GIT_CHECKOUT_DIR}/conf/" - CONFIG_SALT_FUNC="config_salt" - fi +install_debian_11_git_deps() { + install_debian_git_deps || return 1 return 0 } -install_debian_9_git_deps() { - - if [ "${_POST_NEON_INSTALL}" -eq $BS_TRUE ]; then - install_debian_git_deps || return 1 - return 0 - fi +install_debian_12_git_deps() { - install_debian_deps || return 1 - install_debian_git_pre || return 1 + install_debian_git_deps || return 1 + return 0 +} - __PACKAGES="libzmq5 lsb-release" +install_debian_git() { - if [ -n "$_PY_EXE" ] && [ "$_PY_MAJOR_VERSION" -eq 3 ]; then - PY_PKG_VER=3 + if [ -n "$_PY_EXE" ]; then + _PYEXE=${_PY_EXE} else - PY_PKG_VER="" - - # These packages are PY2-ONLY - __PACKAGES="${__PACKAGES} python-backports-abc python-m2crypto python-concurrent.futures" + ## _PYEXE=python + echoerror "Python 2 is no longer supported, only Py3 packages" + return 1 fi - __PACKAGES="${__PACKAGES} python${PY_PKG_VER}-apt python${PY_PKG_VER}-crypto python${PY_PKG_VER}-jinja2" - __PACKAGES="${__PACKAGES} python${PY_PKG_VER}-msgpack python${PY_PKG_VER}-requests python${PY_PKG_VER}-systemd" - __PACKAGES="${__PACKAGES} python${PY_PKG_VER}-tornado python${PY_PKG_VER}-yaml python${PY_PKG_VER}-zmq" + # We can use --prefix on debian based ditributions - if [ "$_INSTALL_CLOUD" -eq $BS_TRUE ]; then - # Install python-libcloud if asked to - __PACKAGES="${__PACKAGES} python${PY_PKG_VER}-libcloud" - fi + _PIP_INSTALL_ARGS="" - # shellcheck disable=SC2086 - __apt_get_install_noinput ${__PACKAGES} || return 1 + __install_salt_from_repo "${_PY_EXE}" || return 1 + cd "${_SALT_GIT_CHECKOUT_DIR}" || return 1 + # Account for new path for services files in later releases + if [ -d "pkg/common" ]; then + _SERVICE_DIR="pkg/common" + else + _SERVICE_DIR="pkg" + fi + + sed -i 's:/usr/bin:/usr/local/bin:g' "${_SERVICE_DIR}"/*.service return 0 } -install_debian_10_git_deps() { +install_debian_11_git() { - if [ "${_POST_NEON_INSTALL}" -eq $BS_TRUE ]; then - install_debian_git_deps || return 1 - return 0 - fi - - install_debian_deps || return 1 - install_debian_git_pre || return 1 - - if [ -n "$_PY_EXE" ] && [ "$_PY_MAJOR_VERSION" -eq 3 ]; then - _py=${_PY_EXE} - PY_PKG_VER=3 - __PACKAGES="python${PY_PKG_VER}-distutils" - else - _py="python" - PY_PKG_VER="" - __PACKAGES="" - fi - - __install_tornado_pip ${_py}|| return 1 - __PACKAGES="${__PACKAGES} python${PY_PKG_VER}-msgpack python${PY_PKG_VER}-jinja2" - __PACKAGES="${__PACKAGES} python${PY_PKG_VER}-tornado python${PY_PKG_VER}-yaml python${PY_PKG_VER}-zmq" - - # shellcheck disable=SC2086 - __apt_get_install_noinput ${__PACKAGES} || return 1 - - return 0 -} - -install_debian_stable() { - __PACKAGES="" - - if [ "$_INSTALL_CLOUD" -eq $BS_TRUE ];then - __PACKAGES="${__PACKAGES} salt-cloud" - fi - if [ "$_INSTALL_MASTER" -eq $BS_TRUE ]; then - __PACKAGES="${__PACKAGES} salt-master" - fi - if [ "$_INSTALL_MINION" -eq $BS_TRUE ]; then - __PACKAGES="${__PACKAGES} salt-minion" - fi - if [ "$_INSTALL_SYNDIC" -eq $BS_TRUE ]; then - __PACKAGES="${__PACKAGES} salt-syndic" - fi - - # shellcheck disable=SC2086 - __apt_get_install_noinput ${__PACKAGES} || return 1 - - return 0 -} - -install_debian_7_stable() { - install_debian_stable || return 1 - return 0 -} - -install_debian_8_stable() { - install_debian_stable || return 1 - return 0 -} - -install_debian_9_stable() { - install_debian_stable || return 1 - return 0 -} - -install_debian_git() { - if [ -n "$_PY_EXE" ]; then - _PYEXE=${_PY_EXE} - else - _PYEXE=python - fi - - if [ "${_POST_NEON_INSTALL}" -eq $BS_TRUE ]; then - # We can use --prefix on debian based ditributions - if [ -n "$_PY_EXE" ] && [ "$_PY_MAJOR_VERSION" -eq 3 ]; then - _POST_NEON_PIP_INSTALL_ARGS="--target=/usr/lib/python3/dist-packages --install-option=--install-scripts=/usr/bin" - else - _POST_NEON_PIP_INSTALL_ARGS="--target=/usr/lib/python2.7/dist-packages --install-option=--install-scripts=/usr/bin" - fi - _POST_NEON_PIP_INSTALL_ARGS="" - __install_salt_from_repo_post_neon "${_PY_EXE}" || return 1 - cd "${_SALT_GIT_CHECKOUT_DIR}" || return 1 - sed -i 's:/usr/bin:/usr/local/bin:g' pkg/*.service - return 0 - fi - - if [ -f "${_SALT_GIT_CHECKOUT_DIR}/salt/syspaths.py" ]; then - # shellcheck disable=SC2086 - "${_PYEXE}" setup.py --salt-config-dir="$_SALT_ETC_DIR" --salt-cache-dir="${_SALT_CACHE_DIR}" ${SETUP_PY_INSTALL_ARGS} install --install-layout=deb || return 1 - else - # shellcheck disable=SC2086 - "${_PYEXE}" setup.py ${SETUP_PY_INSTALL_ARGS} install --install-layout=deb || return 1 - fi -} - -install_debian_7_git() { install_debian_git || return 1 return 0 } -install_debian_8_git() { - install_debian_git || return 1 - return 0 -} +install_debian_12_git() { -install_debian_9_git() { install_debian_git || return 1 return 0 } install_debian_onedir() { + + __wait_for_apt apt-get update || return 1 + __PACKAGES="" if [ "$_INSTALL_CLOUD" -eq $BS_TRUE ];then @@ -3984,6 +3757,10 @@ install_debian_onedir() { __PACKAGES="${__PACKAGES} salt-syndic" fi + if [ "$_INSTALL_SALT_API" -eq $BS_TRUE ]; then + __PACKAGES="${__PACKAGES} salt-api" + fi + # shellcheck disable=SC2086 __apt_get_install_noinput ${__PACKAGES} || return 1 @@ -3991,6 +3768,7 @@ install_debian_onedir() { } install_debian_git_post() { + for fname in api master minion syndic; do # Skip if not meant to be installed [ "$fname" = "api" ] && \ @@ -3999,16 +3777,23 @@ install_debian_git_post() { [ "$fname" = "minion" ] && [ "$_INSTALL_MINION" -eq $BS_FALSE ] && continue [ "$fname" = "syndic" ] && [ "$_INSTALL_SYNDIC" -eq $BS_FALSE ] && continue + # Account for new path for services files in later releases + if [ -f "${_SALT_GIT_CHECKOUT_DIR}/pkg/common/salt-${fname}.service" ]; then + _SERVICE_DIR="${_SALT_GIT_CHECKOUT_DIR}/pkg/common" + else + _SERVICE_DIR="${_SALT_GIT_CHECKOUT_DIR}/pkg" + fi + # Configure SystemD for Debian 8 "Jessie" and later - if [ -f /bin/systemctl ]; then + if [ "$_SYSTEMD_FUNCTIONAL" -eq $BS_TRUE ]; then if [ ! -f /lib/systemd/system/salt-${fname}.service ] || \ { [ -f /lib/systemd/system/salt-${fname}.service ] && [ $_FORCE_OVERWRITE -eq $BS_TRUE ]; }; then - if [ -f "${_SALT_GIT_CHECKOUT_DIR}/pkg/salt-${fname}.service" ]; then - __copyfile "${_SALT_GIT_CHECKOUT_DIR}/pkg/salt-${fname}.service" /lib/systemd/system - __copyfile "${_SALT_GIT_CHECKOUT_DIR}/pkg/salt-${fname}.environment" "/etc/default/salt-${fname}" + if [ -f "${_SERVICE_DIR}/salt-${fname}.service" ]; then + __copyfile "${_SERVICE_DIR}/salt-${fname}.service" /lib/systemd/system + __copyfile "${_SERVICE_DIR}/salt-${fname}.environment" "/etc/default/salt-${fname}" else # workaround before adding Debian-specific unit files to the Salt main repo - __copyfile "${_SALT_GIT_CHECKOUT_DIR}/pkg/salt-${fname}.service" /lib/systemd/system + __copyfile "${_SERVICE_DIR}/salt-${fname}.service" /lib/systemd/system sed -i -e '/^Type/ s/notify/simple/' /lib/systemd/system/salt-${fname}.service fi fi @@ -4018,29 +3803,12 @@ install_debian_git_post() { /bin/systemctl enable "salt-${fname}.service" SYSTEMD_RELOAD=$BS_TRUE - - # Install initscripts for Debian 7 "Wheezy" - elif [ ! -f "/etc/init.d/salt-$fname" ] || \ - { [ -f "/etc/init.d/salt-$fname" ] && [ "$_FORCE_OVERWRITE" -eq $BS_TRUE ]; }; then - __copyfile "${_SALT_GIT_CHECKOUT_DIR}/pkg/deb/salt-${fname}.init" "/etc/init.d/salt-${fname}" - __copyfile "${_SALT_GIT_CHECKOUT_DIR}/pkg/deb/salt-${fname}.environment" "/etc/default/salt-${fname}" - - if [ ! -f "/etc/init.d/salt-${fname}" ]; then - echowarn "The init script for salt-${fname} was not found, skipping it..." - continue - fi - - chmod +x "/etc/init.d/salt-${fname}" - - # Skip salt-api since the service should be opt-in and not necessarily started on boot - [ "$fname" = "api" ] && continue - - update-rc.d "salt-${fname}" defaults fi done } install_debian_2021_post() { + # Kali 2021 (debian derivative) disables all network services by default # Using archlinux post function to enable salt systemd services install_arch_linux_post || return 1 @@ -4048,6 +3816,7 @@ install_debian_2021_post() { } install_debian_restart_daemons() { + [ "$_START_DAEMONS" -eq $BS_FALSE ] && return 0 for fname in api master minion syndic; do @@ -4059,8 +3828,8 @@ install_debian_restart_daemons() { [ $fname = "minion" ] && [ "$_INSTALL_MINION" -eq $BS_FALSE ] && continue [ $fname = "syndic" ] && [ "$_INSTALL_SYNDIC" -eq $BS_FALSE ] && continue - if [ -f /bin/systemctl ]; then - # Debian 8 uses systemd + if [ "$_SYSTEMD_FUNCTIONAL" -eq $BS_TRUE ]; then + # Debian 8 and above uses systemd /bin/systemctl stop salt-$fname > /dev/null 2>&1 /bin/systemctl start salt-$fname.service && continue if [ "$_ECHO_DEBUG" -eq $BS_TRUE ]; then @@ -4076,6 +3845,7 @@ install_debian_restart_daemons() { } install_debian_check_services() { + for fname in api master minion syndic; do # Skip salt-api since the service should be opt-in and not necessarily started on boot [ $fname = "api" ] && continue @@ -4085,7 +3855,7 @@ install_debian_check_services() { [ $fname = "minion" ] && [ "$_INSTALL_MINION" -eq $BS_FALSE ] && continue [ $fname = "syndic" ] && [ "$_INSTALL_SYNDIC" -eq $BS_FALSE ] && continue - if [ -f /bin/systemctl ]; then + if [ "$_SYSTEMD_FUNCTIONAL" -eq $BS_TRUE ]; then __check_services_systemd salt-$fname || return 1 elif [ -f /etc/init.d/salt-$fname ]; then __check_services_debian salt-$fname || return 1 @@ -4103,20 +3873,72 @@ install_debian_check_services() { # Fedora Install Functions # +__install_saltstack_fedora_onedir_repository() { + + if [ -n "$_PY_EXE" ] && [ "$_PY_MAJOR_VERSION" -ne 3 ]; then + echoerror "Python version is no longer supported, only Python 3" + return 1 + fi + + if [ ! -s "$YUM_REPO_FILE" ] || [ "$_FORCE_OVERWRITE" -eq $BS_TRUE ]; then + FETCH_URL="https://github.com/saltstack/salt-install-guide/releases/latest/download/salt.repo" + __fetch_url "${YUM_REPO_FILE}" "${FETCH_URL}" + if [ "$ONEDIR_REV" != "latest" ]; then + # 3006.x is default, and latest for 3006.x branch + if [ "$(echo "$ONEDIR_REV" | grep -E '^(3006|3007)$')" != "" ]; then + # latest version for branch 3006 | 3007 + REPO_REV_MAJOR=$(echo "$ONEDIR_REV" | cut -d '.' -f 1) + if [ "$REPO_REV_MAJOR" -eq "3007" ]; then + # Enable the Salt 3007 STS repo + dnf config-manager --set-disable salt-repo-* + dnf config-manager --set-enabled salt-repo-3007-sts + fi + elif [ "$(echo "$ONEDIR_REV" | grep -E '^([3-9][0-5]{2}[6-9](\.[0-9]*)?)')" != "" ]; then + # using minor version + echo "[salt-repo-${ONEDIR_REV}-lts]" > "${YUM_REPO_FILE}" + # shellcheck disable=SC2129 + echo "name=Salt Repo for Salt v${ONEDIR_REV} LTS" >> "${YUM_REPO_FILE}" + echo "baseurl=https://${_REPO_URL}/saltproject-rpm/" >> "${YUM_REPO_FILE}" + echo "skip_if_unavailable=True" >> "${YUM_REPO_FILE}" + echo "priority=10" >> "${YUM_REPO_FILE}" + echo "enabled=1" >> "${YUM_REPO_FILE}" + echo "enabled_metadata=1" >> "${YUM_REPO_FILE}" + echo "gpgcheck=1" >> "${YUM_REPO_FILE}" + echo "gpgkey=https://${_REPO_URL}/api/security/keypair/SaltProjectKey/public" >> "${YUM_REPO_FILE}" + fi + else + # Enable the Salt LATEST repo + dnf config-manager --set-disable salt-repo-* + dnf config-manager --set-enabled salt-repo-latest + fi + dnf clean expire-cache || return 1 + dnf makecache || return 1 + + elif [ "$ONEDIR_REV" != "latest" ]; then + echowarn "salt.repo already exists, ignoring salt version argument." + echowarn "Use -F (forced overwrite) to install $ONEDIR_REV." + fi + + return 0 +} + install_fedora_deps() { + if [ "$_UPGRADE_SYS" -eq $BS_TRUE ]; then dnf -y update || return 1 fi __PACKAGES="${__PACKAGES:=}" - if [ -n "$_PY_EXE" ] && [ "$_PY_MAJOR_VERSION" -lt 3 ]; then - echoerror "There are no Python 2 stable packages for Fedora, only Py3 packages" + if [ -n "$_PY_EXE" ] && [ "$_PY_MAJOR_VERSION" -ne 3 ]; then + echoerror "Python version is no longer supported, only Python 3" return 1 fi # Salt on Fedora is Py3 PY_PKG_VER=3 + ## find no dnf-utils in Fedora packaging archives and yum-utils EL7 and F30, none after + ## but find it on 8 and 9 Centos Stream __PACKAGES="${__PACKAGES} dnf-utils libyaml procps-ng python${PY_PKG_VER}-crypto python${PY_PKG_VER}-jinja2" __PACKAGES="${__PACKAGES} python${PY_PKG_VER}-msgpack python${PY_PKG_VER}-requests python${PY_PKG_VER}-zmq" __PACKAGES="${__PACKAGES} python${PY_PKG_VER}-pip python${PY_PKG_VER}-m2crypto python${PY_PKG_VER}-pyyaml" @@ -4125,92 +3947,22 @@ install_fedora_deps() { echoinfo "Installing the following extra packages as requested: ${_EXTRA_PACKAGES}" fi + # ensure sudo installed + __PACKAGES="${__PACKAGES} sudo" + # shellcheck disable=SC2086 __dnf_install_noinput ${__PACKAGES} ${_EXTRA_PACKAGES} || return 1 return 0 } -install_fedora_stable() { - if [ "$STABLE_REV" = "latest" ]; then - __SALT_VERSION="" - else - __SALT_VERSION="$(dnf list --showduplicates salt | grep "$STABLE_REV" | head -n 1 | awk '{print $2}')" - if [ "x${__SALT_VERSION}" = "x" ]; then - echoerror "Could not find a stable install for Salt ${STABLE_REV}" - exit 1 - fi - echoinfo "Installing Stable Package Version ${__SALT_VERSION}" - __SALT_VERSION="-${__SALT_VERSION}" - fi - __PACKAGES="" - - if [ "$_INSTALL_CLOUD" -eq $BS_TRUE ];then - __PACKAGES="${__PACKAGES} salt-cloud${__SALT_VERSION}" - fi - if [ "$_INSTALL_MASTER" -eq $BS_TRUE ]; then - __PACKAGES="${__PACKAGES} salt-master${__SALT_VERSION}" - fi - if [ "$_INSTALL_MINION" -eq $BS_TRUE ]; then - __PACKAGES="${__PACKAGES} salt-minion${__SALT_VERSION}" - fi - if [ "$_INSTALL_SYNDIC" -eq $BS_TRUE ]; then - __PACKAGES="${__PACKAGES} salt-syndic${__SALT_VERSION}" - fi - - # shellcheck disable=SC2086 - __dnf_install_noinput ${__PACKAGES} || return 1 +install_fedora_git_deps() { - __python="python3" - if ! __check_command_exists python3; then - echoerror "Could not find a python3 binary?!" + if [ -n "$_PY_EXE" ] && [ "$_PY_MAJOR_VERSION" -ne 3 ]; then + echoerror "Python version is no longer supported, only Python 3" return 1 fi - if [ "${_POST_NEON_INSTALL}" -eq $BS_FALSE ]; then - __check_pip_allowed "You need to allow pip based installations (-P) for Tornado <5.0 in order to install Salt" - __installed_tornado_rpm=$(rpm -qa | grep python${PY_PKG_VER}-tornado) - if [ -n "${__installed_tornado_rpm}" ]; then - echodebug "Removing system package ${__installed_tornado_rpm}" - rpm -e --nodeps "${__installed_tornado_rpm}" || return 1 - fi - __get_site_packages_dir_code=$(cat << EOM -import site -print([d for d in site.getsitepackages() if d.startswith('/usr/lib/python')][0]) -EOM -) - __target_path=$(${__python} -c "${__get_site_packages_dir_code}") - echodebug "Running '${__python}' -m pip install --target ${__target_path} 'tornado<5.0'" - "${__python}" -m pip install --target "${__target_path}" "tornado<5" || return 1 - fi - - return 0 -} - -install_fedora_stable_post() { - for fname in api master minion syndic; do - # Skip salt-api since the service should be opt-in and not necessarily started on boot - [ $fname = "api" ] && continue - - # Skip if not meant to be installed - [ $fname = "master" ] && [ "$_INSTALL_MASTER" -eq $BS_FALSE ] && continue - [ $fname = "minion" ] && [ "$_INSTALL_MINION" -eq $BS_FALSE ] && continue - [ $fname = "syndic" ] && [ "$_INSTALL_SYNDIC" -eq $BS_FALSE ] && continue - - systemctl is-enabled salt-$fname.service || (systemctl preset salt-$fname.service && systemctl enable salt-$fname.service) - sleep 1 - systemctl daemon-reload - done -} - -install_fedora_git_deps() { - if [ -n "$_PY_EXE" ] && [ "$_PY_MAJOR_VERSION" -eq 3 ]; then - # Packages are named python3- - PY_PKG_VER=3 - else - PY_PKG_VER=2 - fi - __PACKAGES="" if ! __check_command_exists ps; then __PACKAGES="${__PACKAGES} procps-ng" @@ -4225,81 +3977,47 @@ install_fedora_git_deps() { __PACKAGES="" fi + # shellcheck disable=SC2119 __git_clone_and_checkout || return 1 - if [ "${_POST_NEON_INSTALL}" -eq $BS_FALSE ]; then + __PACKAGES="python${PY_PKG_VER}-devel python${PY_PKG_VER}-pip python${PY_PKG_VER}-setuptools gcc gcc-c++" - if [ "$_INSECURE_DL" -eq $BS_FALSE ] && [ "${_SALT_REPO_URL%%://*}" = "https" ]; then - __PACKAGES="${__PACKAGES} ca-certificates" - fi - if [ "$_INSTALL_CLOUD" -eq $BS_TRUE ]; then - __PACKAGES="${__PACKAGES} python${PY_PKG_VER}-libcloud python${PY_PKG_VER}-netaddr" - fi - - install_fedora_deps || return 1 - - if [ -n "$_PY_EXE" ] && [ "$_PY_MAJOR_VERSION" -eq 3 ]; then - if __check_command_exists python3; then - __python="python3" - fi - elif [ -n "$_PY_EXE" ] && [ "$_PY_MAJOR_VERSION" -eq 2 ]; then - if __check_command_exists python2; then - __python="python2" - fi - else - if ! __check_command_exists python; then - echoerror "Unable to find a python binary?!" - return 1 - fi - # Let's hope it's the right one - __python="python" - fi + # ensure sudo installed + __PACKAGES="${__PACKAGES} sudo" - grep tornado "${_SALT_GIT_CHECKOUT_DIR}/requirements/base.txt" | while IFS=' - ' read -r dep; do - echodebug "Running '${__python}' -m pip install '${dep}'" - "${__python}" -m pip install "${dep}" || return 1 - done - else - __PACKAGES="python${PY_PKG_VER}-devel python${PY_PKG_VER}-pip python${PY_PKG_VER}-setuptools gcc" - if [ "${DISTRO_VERSION}" -ge 35 ]; then - __PACKAGES="${__PACKAGES} gcc-c++" - fi - # shellcheck disable=SC2086 - __dnf_install_noinput ${__PACKAGES} || return 1 - fi + # shellcheck disable=SC2086 + __dnf_install_noinput ${__PACKAGES} || return 1 # Let's trigger config_salt() if [ "$_TEMP_CONFIG_DIR" = "null" ]; then - _TEMP_CONFIG_DIR="${_SALT_GIT_CHECKOUT_DIR}/conf/" + _TEMP_CONFIG_DIR="${_SALT_GIT_CHECKOUT_DIR}/conf" CONFIG_SALT_FUNC="config_salt" fi + _fedora_dep="contextvars" + echodebug "Running '${_PY_EXE} -m pip install --upgrade ${_fedora_dep}'" + ${_PY_EXE} -m pip install --upgrade "${_fedora_dep}" + return 0 } install_fedora_git() { + if [ "${_PY_EXE}" != "" ]; then _PYEXE=${_PY_EXE} echoinfo "Using the following python version: ${_PY_EXE} to install salt" else - _PYEXE='python2' - fi - - if [ "${_POST_NEON_INSTALL}" -eq $BS_TRUE ]; then - __install_salt_from_repo_post_neon "${_PY_EXE}" || return 1 - return 0 + echoerror "Python 2 is no longer supported, only Py3 packages" + return 1 fi - if [ -f "${_SALT_GIT_CHECKOUT_DIR}/salt/syspaths.py" ]; then - ${_PYEXE} setup.py --salt-config-dir="$_SALT_ETC_DIR" --salt-cache-dir="${_SALT_CACHE_DIR}" ${SETUP_PY_INSTALL_ARGS} install --prefix=/usr || return 1 - else - ${_PYEXE} setup.py ${SETUP_PY_INSTALL_ARGS} install --prefix=/usr || return 1 - fi + __install_salt_from_repo "${_PY_EXE}" || return 1 return 0 + } install_fedora_git_post() { + for fname in api master minion syndic; do # Skip if not meant to be installed [ $fname = "api" ] && \ @@ -4308,12 +4026,18 @@ install_fedora_git_post() { [ $fname = "minion" ] && [ "$_INSTALL_MINION" -eq $BS_FALSE ] && continue [ $fname = "syndic" ] && [ "$_INSTALL_SYNDIC" -eq $BS_FALSE ] && continue - __copyfile "${_SALT_GIT_CHECKOUT_DIR}/pkg/rpm/salt-${fname}.service" "/lib/systemd/system/salt-${fname}.service" + # Account for new path for services files in later releases + if [ -f "${_SALT_GIT_CHECKOUT_DIR}/pkg/common/salt-${fname}.service" ]; then + _SERVICE_DIR="${_SALT_GIT_CHECKOUT_DIR}/pkg/common" + else + _SERVICE_DIR="${_SALT_GIT_CHECKOUT_DIR}/pkg/rpm" + fi + __copyfile "${_SERVICE_DIR}/salt-${fname}.service" "/lib/systemd/system/salt-${fname}.service" # Salt executables are located under `/usr/local/bin/` on Fedora 36+ - if [ "${DISTRO_VERSION}" -ge 36 ]; then - sed -i -e 's:/usr/bin/:/usr/local/bin/:g' /lib/systemd/system/salt-*.service - fi + #if [ "${DISTRO_VERSION}" -ge 36 ]; then + # sed -i -e 's:/usr/bin/:/usr/local/bin/:g' /lib/systemd/system/salt-*.service + #fi # Skip salt-api since the service should be opt-in and not necessarily started on boot [ $fname = "api" ] && continue @@ -4321,10 +4045,12 @@ install_fedora_git_post() { systemctl is-enabled salt-$fname.service || (systemctl preset salt-$fname.service && systemctl enable salt-$fname.service) sleep 1 systemctl daemon-reload + done } install_fedora_restart_daemons() { + [ $_START_DAEMONS -eq $BS_FALSE ] && return for fname in api master minion syndic; do @@ -4347,6 +4073,7 @@ install_fedora_restart_daemons() { } install_fedora_check_services() { + for fname in api master minion syndic; do # Skip salt-api since the service should be opt-in and not necessarily started on boot [ $fname = "api" ] && continue @@ -4361,150 +4088,169 @@ install_fedora_check_services() { return 0 } -# -# Ended Fedora Install Functions -# -####################################################################################################################### -####################################################################################################################### -# -# CentOS Install Functions -# -__install_epel_repository() { - if [ ${_EPEL_REPOS_INSTALLED} -eq $BS_TRUE ]; then - return 0 +install_fedora_onedir_deps() { + + if [ "$_UPGRADE_SYS" -eq $BS_TRUE ]; then + yum -y update || return 1 fi - # Check if epel repo is already enabled and flag it accordingly - if yum repolist | grep -q "^[!]\\?${_EPEL_REPO}/"; then - _EPEL_REPOS_INSTALLED=$BS_TRUE - return 0 + if [ "$_DISABLE_REPOS" -eq "$BS_TRUE" ] && [ -n "$_PY_EXE" ] && [ "$_PY_MAJOR_VERSION" -eq 3 ]; then + echowarn "Detected -r or -R option while installing Salt packages for Python 3." + echowarn "Python 3 packages for older Salt releases requires the EPEL repository to be installed." + echowarn "Installing the EPEL repository automatically is disabled when using the -r or -R options." fi - # Download latest 'epel-next-release' package for the distro version directly - epel_next_repo_url="${HTTP_VAL}://dl.fedoraproject.org/pub/epel/epel-next-release-latest-${DISTRO_MAJOR_VERSION}.noarch.rpm" + if [ "$_DISABLE_REPOS" -eq "$BS_FALSE" ]; then + __install_saltstack_fedora_onedir_repository || return 1 + fi - # Download latest 'epel-release' package for the distro version directly - epel_repo_url="${HTTP_VAL}://dl.fedoraproject.org/pub/epel/epel-release-latest-${DISTRO_MAJOR_VERSION}.noarch.rpm" + # If -R was passed, we need to configure custom repo url with rsync-ed packages + # Which is still handled in __install_saltstack_rhel_onedir_repository. This call has + # its own check in case -r was passed without -R. + if [ "$_CUSTOM_REPO_URL" != "null" ]; then + __install_saltstack_fedora_onedir_repository || return 1 + fi - yum -y install "${epel_next_repo_url}" "${epel_repo_url}" + __PACKAGES="dnf-utils chkconfig procps-ng" - _EPEL_REPOS_INSTALLED=$BS_TRUE + # ensure sudo installed + __PACKAGES="${__PACKAGES} sudo" + + # shellcheck disable=SC2086 + __yum_install_noinput ${__PACKAGES} || return 1 + + if [ "${_EXTRA_PACKAGES}" != "" ]; then + echoinfo "Installing the following extra packages as requested: ${_EXTRA_PACKAGES}" + # shellcheck disable=SC2086 + __yum_install_noinput ${_EXTRA_PACKAGES} || return 1 + fi return 0 + } -__install_saltstack_rhel_repository() { - if [ "$ITYPE" = "stable" ]; then - repo_rev="$STABLE_REV" - else - repo_rev="latest" - fi - __PY_VERSION_REPO="yum" - if [ -n "$_PY_EXE" ] && [ "$_PY_MAJOR_VERSION" -eq 3 ]; then - __PY_VERSION_REPO="py3" - fi +install_fedora_onedir() { - # Avoid using '$releasever' variable for yum. - # Instead, this should work correctly on all RHEL variants. - base_url="${HTTP_VAL}://${_REPO_URL}/${__PY_VERSION_REPO}/redhat/${DISTRO_MAJOR_VERSION}/\$basearch/${repo_rev}/" - if [ "${DISTRO_MAJOR_VERSION}" -eq 7 ]; then - gpg_key="SALTSTACK-GPG-KEY.pub base/RPM-GPG-KEY-CentOS-7" - elif [ "${DISTRO_MAJOR_VERSION}" -ge 9 ]; then - gpg_key="SALTSTACK-GPG-KEY2.pub" + STABLE_REV=$ONEDIR_REV + #install_fedora_stable || return 1 + if [ "$(echo "$STABLE_REV" | grep -E '^(3006|3007)$')" != "" ]; then + # Major version Salt, config and repo already setup + MINOR_VER_STRG="" + elif [ "$(echo "$STABLE_REV" | grep -E '^([3-9][0-5]{2}[6-9](\.[0-9]*)?)')" != "" ]; then + # Minor version Salt, need to add specific minor version + MINOR_VER_STRG="-$STABLE_REV" else - gpg_key="SALTSTACK-GPG-KEY.pub" + MINOR_VER_STRG="" fi - gpg_key_urls="" - for key in $gpg_key; do - gpg_key_urls=$(printf "${base_url}${key},%s" "$gpg_key_urls") - done - - repo_file="/etc/yum.repos.d/salt.repo" - - if [ ! -s "$repo_file" ] || [ "$_FORCE_OVERWRITE" -eq $BS_TRUE ]; then - cat <<_eof > "$repo_file" -[saltstack] -name=SaltStack ${repo_rev} Release Channel for RHEL/CentOS \$releasever -baseurl=${base_url} -skip_if_unavailable=True -gpgcheck=1 -gpgkey=${gpg_key_urls} -enabled=1 -enabled_metadata=1 -_eof + __PACKAGES="" - fetch_url="${HTTP_VAL}://${_REPO_URL}/${__PY_VERSION_REPO}/redhat/${DISTRO_MAJOR_VERSION}/${CPU_ARCH_L}/${repo_rev}/" - for key in $gpg_key; do - __rpm_import_gpg "${fetch_url}${key}" || return 1 - done + if [ "$_INSTALL_CLOUD" -eq $BS_TRUE ];then + __PACKAGES="${__PACKAGES} salt-cloud$MINOR_VER_STRG" + fi + if [ "$_INSTALL_MASTER" -eq $BS_TRUE ];then + __PACKAGES="${__PACKAGES} salt-master$MINOR_VER_STRG" + fi + if [ "$_INSTALL_MINION" -eq $BS_TRUE ]; then + __PACKAGES="${__PACKAGES} salt-minion$MINOR_VER_STRG" + fi + if [ "$_INSTALL_SYNDIC" -eq $BS_TRUE ];then + __PACKAGES="${__PACKAGES} salt-syndic$MINOR_VER_STRG" + fi - yum clean metadata || return 1 - elif [ "$repo_rev" != "latest" ]; then - echowarn "salt.repo already exists, ignoring salt version argument." - echowarn "Use -F (forced overwrite) to install $repo_rev." + if [ "$_INSTALL_SALT_API" -eq $BS_TRUE ]; then + __PACKAGES="${__PACKAGES} salt-api$MINOR_VER_STRG" fi + # shellcheck disable=SC2086 + dnf makecache || return 1 + __yum_install_noinput ${__PACKAGES} || return 1 + return 0 } -__install_saltstack_rhel_onedir_repository() { - if [ "$ITYPE" = "stable" ]; then - repo_rev="$ONEDIR_REV" - else - repo_rev="latest" - fi +install_fedora_onedir_post() { - __PY_VERSION_REPO="yum" - if [ -n "$_PY_EXE" ] && [ "$_PY_MAJOR_VERSION" -eq 3 ]; then - __PY_VERSION_REPO="py3" - fi + STABLE_REV=$ONEDIR_REV - # Avoid using '$releasever' variable for yum. - # Instead, this should work correctly on all RHEL variants. - base_url="${HTTP_VAL}://${_REPO_URL}/${_ONEDIR_DIR}/${__PY_VERSION_REPO}/redhat/${DISTRO_MAJOR_VERSION}/\$basearch/${ONEDIR_REV}/" - if [ "${DISTRO_MAJOR_VERSION}" -eq 9 ]; then - gpg_key="SALTSTACK-GPG-KEY2.pub" - else - gpg_key="SALTSTACK-GPG-KEY.pub" - fi + for fname in api master minion syndic; do + # Skip salt-api since the service should be opt-in and not necessarily started on boot + [ $fname = "api" ] && continue - gpg_key_urls="" - for key in $gpg_key; do - gpg_key_urls=$(printf "${base_url}${key},%s" "$gpg_key_urls") + # Skip if not meant to be installed + [ $fname = "master" ] && [ "$_INSTALL_MASTER" -eq $BS_FALSE ] && continue + [ $fname = "minion" ] && [ "$_INSTALL_MINION" -eq $BS_FALSE ] && continue + [ $fname = "syndic" ] && [ "$_INSTALL_SYNDIC" -eq $BS_FALSE ] && continue + + systemctl is-enabled salt-$fname.service || (systemctl preset salt-$fname.service && systemctl enable salt-$fname.service) + sleep 1 + systemctl daemon-reload done - repo_file="/etc/yum.repos.d/salt.repo" - - if [ ! -s "$repo_file" ] || [ "$_FORCE_OVERWRITE" -eq $BS_TRUE ]; then - cat <<_eof > "$repo_file" -[saltstack] -name=SaltStack ${repo_rev} Release Channel for RHEL/CentOS \$releasever -baseurl=${base_url} -skip_if_unavailable=True -gpgcheck=1 -gpgkey=${gpg_key_urls} -enabled=1 -enabled_metadata=1 -_eof + return 0 +} - fetch_url="${HTTP_VAL}://${_REPO_URL}/${_ONEDIR_DIR}/${__PY_VERSION_REPO}/redhat/${DISTRO_MAJOR_VERSION}/${CPU_ARCH_L}/" - for key in $gpg_key; do - __rpm_import_gpg "${fetch_url}${key}" || return 1 - done +# +# Ended Fedora Install Functions +# +####################################################################################################################### - yum clean metadata || return 1 - elif [ "$repo_rev" != "latest" ]; then +####################################################################################################################### +# +# CentOS Install Functions +# +__install_saltstack_rhel_onedir_repository() { + + if [ -n "$_PY_EXE" ] && [ "$_PY_MAJOR_VERSION" -ne 3 ]; then + echoerror "Python version is no longer supported, only Python 3" + return 1 + fi + + if [ ! -s "$YUM_REPO_FILE" ] || [ "$_FORCE_OVERWRITE" -eq $BS_TRUE ]; then + FETCH_URL="https://github.com/saltstack/salt-install-guide/releases/latest/download/salt.repo" + __fetch_url "${YUM_REPO_FILE}" "${FETCH_URL}" + if [ "$ONEDIR_REV" != "latest" ]; then + # 3006.x is default, and latest for 3006.x branch + if [ "$(echo "$ONEDIR_REV" | grep -E '^(3006|3007)$')" != "" ]; then + # latest version for branch 3006 | 3007 + REPO_REV_MAJOR=$(echo "$ONEDIR_REV" | cut -d '.' -f 1) + if [ "$REPO_REV_MAJOR" -eq "3007" ]; then + # Enable the Salt 3007 STS repo + dnf config-manager --set-disable salt-repo-* + dnf config-manager --set-enabled salt-repo-3007-sts + fi + elif [ "$(echo "$ONEDIR_REV" | grep -E '^([3-9][0-5]{2}[6-9](\.[0-9]*)?)')" != "" ]; then + # using minor version + echo "[salt-repo-${ONEDIR_REV}-lts]" > "${YUM_REPO_FILE}" + # shellcheck disable=SC2129 + echo "name=Salt Repo for Salt v${ONEDIR_REV} LTS" >> "${YUM_REPO_FILE}" + echo "baseurl=https://${_REPO_URL}/saltproject-rpm/" >> "${YUM_REPO_FILE}" + echo "skip_if_unavailable=True" >> "${YUM_REPO_FILE}" + echo "priority=10" >> "${YUM_REPO_FILE}" + echo "enabled=1" >> "${YUM_REPO_FILE}" + echo "enabled_metadata=1" >> "${YUM_REPO_FILE}" + echo "gpgcheck=1" >> "${YUM_REPO_FILE}" + echo "gpgkey=https://${_REPO_URL}/api/security/keypair/SaltProjectKey/public" >> "${YUM_REPO_FILE}" + fi + else + # Enable the Salt LATEST repo + dnf config-manager --set-disable salt-repo-* + dnf config-manager --set-enabled salt-repo-latest + fi + dnf clean expire-cache || return 1 + dnf makecache || return 1 + elif [ "$ONEDIR_REV" != "latest" ]; then echowarn "salt.repo already exists, ignoring salt version argument." - echowarn "Use -F (forced overwrite) to install $repo_rev." + echowarn "Use -F (forced overwrite) to install $ONEDIR_REV." fi return 0 } install_centos_stable_deps() { + if [ "$_UPGRADE_SYS" -eq $BS_TRUE ]; then yum -y update || return 1 fi @@ -4516,47 +4262,21 @@ install_centos_stable_deps() { fi if [ "$_DISABLE_REPOS" -eq "$BS_FALSE" ]; then - __install_epel_repository || return 1 - __install_saltstack_rhel_repository || return 1 + echoerror "old-stable packages are no longer supported and are End-Of-Life." + return 1 fi # If -R was passed, we need to configure custom repo url with rsync-ed packages - # Which is still handled in __install_saltstack_rhel_repository. This call has + # Which is still handled in __install_saltstack_rhel_onedir_repository. This call has # its own check in case -r was passed without -R. if [ "$_CUSTOM_REPO_URL" != "null" ]; then - __install_saltstack_rhel_repository || return 1 + __install_saltstack_rhel_onedir_repository || return 1 fi - if [ "$DISTRO_MAJOR_VERSION" -ge 8 ]; then - __PACKAGES="dnf-utils chkconfig" - else - __PACKAGES="yum-utils chkconfig" - fi + __PACKAGES="yum-utils chkconfig procps-ng findutils" - if [ "${_POST_NEON_INSTALL}" -eq $BS_FALSE ]; then - if [ "$DISTRO_MAJOR_VERSION" -ge 8 ]; then - # YAML module is used for generating custom master/minion configs - if [ -n "$_PY_EXE" ] && [ "$_PY_MAJOR_VERSION" -eq 3 ]; then - __PACKAGES="${__PACKAGES} python3-pyyaml python3-setuptools" - else - __PACKAGES="${__PACKAGES} python2-pyyaml" - fi - elif [ "$DISTRO_MAJOR_VERSION" -eq 7 ]; then - # YAML module is used for generating custom master/minion configs - if [ -n "$_PY_EXE" ] && [ "$_PY_MAJOR_VERSION" -eq 3 ]; then - __PACKAGES="${__PACKAGES} python36-PyYAML python36-setuptools" - else - __PACKAGES="${__PACKAGES} PyYAML" - fi - else - # YAML module is used for generating custom master/minion configs - if [ -n "$_PY_EXE" ] && [ "$_PY_MAJOR_VERSION" -eq 3 ]; then - __PACKAGES="${__PACKAGES} python34-PyYAML python34-setuptools" - else - __PACKAGES="${__PACKAGES} PyYAML" - fi - fi - fi + # ensure sudo installed + __PACKAGES="${__PACKAGES} sudo" # shellcheck disable=SC2086 __yum_install_noinput ${__PACKAGES} || return 1 @@ -4567,33 +4287,59 @@ install_centos_stable_deps() { __yum_install_noinput ${_EXTRA_PACKAGES} || return 1 fi - return 0 } install_centos_stable() { + + if [ "$(echo "$STABLE_REV" | grep -E '^(3006|3007)$')" != "" ]; then + # Major version Salt, config and repo already setup + MINOR_VER_STRG="" + elif [ "$(echo "$STABLE_REV" | grep -E '^([3-9][0-5]{2}[6-9](\.[0-9]*)?)')" != "" ]; then + # Minor version Salt, need to add specific minor version + MINOR_VER_STRG="-$STABLE_REV" + else + MINOR_VER_STRG="" + fi + __PACKAGES="" if [ "$_INSTALL_CLOUD" -eq $BS_TRUE ];then - __PACKAGES="${__PACKAGES} salt-cloud" + __PACKAGES="${__PACKAGES} salt-cloud$MINOR_VER_STRG" fi if [ "$_INSTALL_MASTER" -eq $BS_TRUE ];then - __PACKAGES="${__PACKAGES} salt-master" + __PACKAGES="${__PACKAGES} salt-master$MINOR_VER_STRG" fi if [ "$_INSTALL_MINION" -eq $BS_TRUE ]; then - __PACKAGES="${__PACKAGES} salt-minion" + __PACKAGES="${__PACKAGES} salt-minion$MINOR_VER_STRG" fi if [ "$_INSTALL_SYNDIC" -eq $BS_TRUE ];then - __PACKAGES="${__PACKAGES} salt-syndic" + __PACKAGES="${__PACKAGES} salt-syndic$MINOR_VER_STRG" fi + if [ "$_INSTALL_SALT_API" -eq $BS_TRUE ]; then + __PACKAGES="${__PACKAGES} salt-api$MINOR_VER_STRG" + fi + + # ensure sudo installed + __PACKAGES="${__PACKAGES} sudo" + # shellcheck disable=SC2086 + yum makecache || return 1 __yum_install_noinput ${__PACKAGES} || return 1 + # Workaround for 3.11 broken on CentOS Stream 8.x + # Re-install Python 3.6 + _py_version=$(${_PY_EXE} -c "import sys; print('{0}.{1}'.format(*sys.version_info))") + if [ "$DISTRO_MAJOR_VERSION" -eq 8 ] && [ "${_py_version}" = "3.11" ]; then + __yum_install_noinput python3 + fi + return 0 } install_centos_stable_post() { + SYSTEMD_RELOAD=$BS_FALSE for fname in api master minion syndic; do @@ -4605,7 +4351,7 @@ install_centos_stable_post() { [ $fname = "minion" ] && [ "$_INSTALL_MINION" -eq $BS_FALSE ] && continue [ $fname = "syndic" ] && [ "$_INSTALL_SYNDIC" -eq $BS_FALSE ] && continue - if [ -f /bin/systemctl ]; then + if [ "$_SYSTEMD_FUNCTIONAL" -eq $BS_TRUE ]; then /bin/systemctl is-enabled salt-${fname}.service > /dev/null 2>&1 || ( /bin/systemctl preset salt-${fname}.service > /dev/null 2>&1 && /bin/systemctl enable salt-${fname}.service > /dev/null 2>&1 @@ -4625,7 +4371,14 @@ install_centos_stable_post() { } install_centos_git_deps() { - install_centos_stable_deps || return 1 + + # First try stable deps then fall back to onedir deps if that one fails + # if we're installing on a Red Hat based host that doesn't have the classic + # package repos available. + # Set ONEDIR_REV to STABLE_REV in case we + # end up calling install_centos_onedir_deps + ONEDIR_REV=${STABLE_REV} + install_centos_onedir_deps || return 1 if [ "$_INSECURE_DL" -eq $BS_FALSE ] && [ "${_SALT_REPO_URL%%://*}" = "https" ]; then __yum_install_noinput ca-certificates || return 1 @@ -4635,116 +4388,32 @@ install_centos_git_deps() { __yum_install_noinput git || return 1 fi + # shellcheck disable=SC2119 __git_clone_and_checkout || return 1 __PACKAGES="" if [ -n "$_PY_EXE" ] && [ "$_PY_MAJOR_VERSION" -eq 3 ]; then - if [ "$DISTRO_MAJOR_VERSION" -ge 8 ]; then - # Packages are named python3- - PY_PKG_VER=3 - __PACKAGES="${__PACKAGES} python3" - else - # Packages are named python36- - PY_PKG_VER=36 - __PACKAGES="${__PACKAGES} python36" - fi + # Packages are named python3- + PY_PKG_VER=3 + __PACKAGES="${__PACKAGES} python3" else - PY_PKG_VER="" - if [ "$DISTRO_MAJOR_VERSION" -ge 8 ]; then - __PACKAGES="${__PACKAGES} python2" - elif [ "$DISTRO_MAJOR_VERSION" -eq 6 ]; then - PY_PKG_VER=27 - __PACKAGES="${__PACKAGES} python27" - else - __PACKAGES="${__PACKAGES} python" - fi + echoerror "Python 2 is no longer supported, only Python 3" + return 1 fi - if [ "${_POST_NEON_INSTALL}" -eq $BS_FALSE ]; then - _install_m2crypto_req=false - if [ -n "$_PY_EXE" ] && [ "$_PY_MAJOR_VERSION" -eq 3 ]; then - _py=${_PY_EXE} - if [ "$DISTRO_MAJOR_VERSION" -gt 6 ]; then - _install_m2crypto_req=true - fi - else - if [ "$DISTRO_MAJOR_VERSION" -eq 6 ]; then - _install_m2crypto_req=true - fi - _py="python" - - # Only Py2 needs python-futures - __PACKAGES="${__PACKAGES} python-futures" - - # There is no systemd-python3 package as of this writing - if [ "$DISTRO_MAJOR_VERSION" -ge 7 ]; then - __PACKAGES="${__PACKAGES} systemd-python" - fi - fi - - if [ "$DISTRO_MAJOR_VERSION" -ge 8 ]; then - __install_tornado_pip ${_py} || return 1 - __PACKAGES="${__PACKAGES} python3-m2crypto" - else - __PACKAGES="${__PACKAGES} m2crypto python${PY_PKG_VER}-crypto" - fi + __PACKAGES="${__PACKAGES} python${PY_PKG_VER}-devel python${PY_PKG_VER}-pip python${PY_PKG_VER}-setuptools gcc" - __PACKAGES="${__PACKAGES} python${PY_PKG_VER}-jinja2" - __PACKAGES="${__PACKAGES} python${PY_PKG_VER}-msgpack python${PY_PKG_VER}-requests" - __PACKAGES="${__PACKAGES} python${PY_PKG_VER}-tornado python${PY_PKG_VER}-zmq" - - if [ "$_INSTALL_CLOUD" -eq $BS_TRUE ]; then - __PACKAGES="${__PACKAGES} python${PY_PKG_VER}-libcloud" - fi - - if [ "${_INSTALL_PY}" -eq "${BS_TRUE}" ]; then - # Install Python if "-y" was passed in. - __install_python || return 1 - fi - - if [ "${_PY_EXE}" != "" ] && [ "$_PIP_ALLOWED" -eq "$BS_TRUE" ]; then - # If "-x" is defined, install dependencies with pip based on the Python version given. - _PIP_PACKAGES="m2crypto!=0.33.0 jinja2 msgpack-python pycrypto PyYAML tornado<5.0 zmq futures>=2.0" - - # install swig and openssl on cent6 - if $_install_m2crypto_req; then - __yum_install_noinput openssl-devel swig || return 1 - fi + # ensure sudo installed + __PACKAGES="${__PACKAGES} sudo" - if [ -f "${_SALT_GIT_CHECKOUT_DIR}/requirements/base.txt" ]; then - # Filter out any commented lines from the requirements file - _REQ_LINES="$(grep '^[^#]' "${_SALT_GIT_CHECKOUT_DIR}/requirements/base.txt")" - for SINGLE_PACKAGE in ${_PIP_PACKAGES}; do - __REQUIRED_VERSION="$(grep "${SINGLE_PACKAGE}" "${_REQ_LINES}")" - if [ "${__REQUIRED_VERSION}" != "" ]; then - _PIP_PACKAGES=$(echo "$_PIP_PACKAGES" | sed "s/${SINGLE_PACKAGE}/${__REQUIRED_VERSION}/") - fi - done - fi - - if [ "$_INSTALL_CLOUD" -eq "${BS_TRUE}" ]; then - _PIP_PACKAGES="${_PIP_PACKAGES} apache-libcloud" - fi + # shellcheck disable=SC2086 + __yum_install_noinput ${__PACKAGES} || return 1 - __install_pip_pkgs "${_PIP_PACKAGES}" "${_PY_EXE}" || return 1 - else - # shellcheck disable=SC2086 - __yum_install_noinput ${__PACKAGES} || return 1 - fi - else - if [ "${_INSTALL_PY}" -eq "${BS_TRUE}" ] && [ "$DISTRO_MAJOR_VERSION" -lt 8 ]; then - # Install Python if "-y" was passed in. - __install_python || return 1 - fi - __PACKAGES="${__PACKAGES} python${PY_PKG_VER}-devel python${PY_PKG_VER}-pip python${PY_PKG_VER}-setuptools gcc" - # shellcheck disable=SC2086 - __yum_install_noinput ${__PACKAGES} || return 1 - fi # Let's trigger config_salt() if [ "$_TEMP_CONFIG_DIR" = "null" ]; then - _TEMP_CONFIG_DIR="${_SALT_GIT_CHECKOUT_DIR}/conf/" + _TEMP_CONFIG_DIR="${_SALT_GIT_CHECKOUT_DIR}/conf" CONFIG_SALT_FUNC="config_salt" fi @@ -4752,29 +4421,23 @@ install_centos_git_deps() { } install_centos_git() { + if [ "${_PY_EXE}" != "" ]; then _PYEXE=${_PY_EXE} echoinfo "Using the following python version: ${_PY_EXE} to install salt" else - _PYEXE='python2' + echoerror "Python 2 is no longer supported, only Python 3" + return 1 fi echodebug "_PY_EXE: $_PY_EXE" - if [ "${_POST_NEON_INSTALL}" -eq $BS_TRUE ]; then - __install_salt_from_repo_post_neon "${_PY_EXE}" || return 1 - return 0 - fi - - if [ -f "${_SALT_GIT_CHECKOUT_DIR}/salt/syspaths.py" ]; then - $_PYEXE setup.py --salt-config-dir="$_SALT_ETC_DIR" --salt-cache-dir="${_SALT_CACHE_DIR}" ${SETUP_PY_INSTALL_ARGS} install --prefix=/usr || return 1 - else - $_PYEXE setup.py ${SETUP_PY_INSTALL_ARGS} install --prefix=/usr || return 1 - fi + __install_salt_from_repo "${_PY_EXE}" || return 1 return 0 } install_centos_git_post() { + SYSTEMD_RELOAD=$BS_FALSE for fname in api master minion syndic; do @@ -4785,10 +4448,17 @@ install_centos_git_post() { [ $fname = "minion" ] && [ "$_INSTALL_MINION" -eq $BS_FALSE ] && continue [ $fname = "syndic" ] && [ "$_INSTALL_SYNDIC" -eq $BS_FALSE ] && continue - if [ -f /bin/systemctl ]; then + # Account for new path for services files in later releases + if [ -f "${_SALT_GIT_CHECKOUT_DIR}/pkg/common/salt-${fname}.service" ]; then + _SERVICE_FILE="${_SALT_GIT_CHECKOUT_DIR}/pkg/common/salt-${fname}.service" + else + _SERVICE_FILE="${_SALT_GIT_CHECKOUT_DIR}/pkg/rpm/salt-${fname}.service" + fi + + if [ "$_SYSTEMD_FUNCTIONAL" -eq $BS_TRUE ]; then if [ ! -f "/usr/lib/systemd/system/salt-${fname}.service" ] || \ { [ -f "/usr/lib/systemd/system/salt-${fname}.service" ] && [ "$_FORCE_OVERWRITE" -eq $BS_TRUE ]; }; then - __copyfile "${_SALT_GIT_CHECKOUT_DIR}/pkg/rpm/salt-${fname}.service" /usr/lib/systemd/system + __copyfile "${_SERVICE_FILE}" /usr/lib/systemd/system fi SYSTEMD_RELOAD=$BS_TRUE @@ -4809,7 +4479,8 @@ install_centos_git_post() { } install_centos_onedir_deps() { - if [ "$_UPGRADE_SYS" -eq $BS_TRUE ]; then + + if [ "$_UPGRADE_SYS" -eq "$BS_TRUE" ]; then yum -y update || return 1 fi @@ -4820,22 +4491,20 @@ install_centos_onedir_deps() { fi if [ "$_DISABLE_REPOS" -eq "$BS_FALSE" ]; then - __install_epel_repository || return 1 __install_saltstack_rhel_onedir_repository || return 1 fi # If -R was passed, we need to configure custom repo url with rsync-ed packages - # Which is still handled in __install_saltstack_rhel_repository. This call has - # its own check in case -r was passed without -R. + # Which was still handled in __install_saltstack_rhel_repository, which was for old-stable which + # is removed since End-Of-Life. This call has its own check in case -r was passed without -R. if [ "$_CUSTOM_REPO_URL" != "null" ]; then __install_saltstack_rhel_onedir_repository || return 1 fi - if [ "$DISTRO_MAJOR_VERSION" -ge 8 ]; then - __PACKAGES="dnf-utils chkconfig" - else - __PACKAGES="yum-utils chkconfig" - fi + __PACKAGES="yum-utils chkconfig procps-ng findutils" + + # ensure sudo installed + __PACKAGES="${__PACKAGES} sudo" # shellcheck disable=SC2086 __yum_install_noinput ${__PACKAGES} || return 1 @@ -4846,33 +4515,50 @@ install_centos_onedir_deps() { __yum_install_noinput ${_EXTRA_PACKAGES} || return 1 fi - return 0 } install_centos_onedir() { + + if [ "$(echo "$ONEDIR_REV" | grep -E '^(3006|3007)$')" != "" ]; then + # Major version Salt, config and repo already setup + MINOR_VER_STRG="" + elif [ "$(echo "$ONEDIR_REV" | grep -E '^([3-9][0-5]{2}[6-9](\.[0-9]*)?)')" != "" ]; then + # Minor version Salt, need to add specific minor version + MINOR_VER_STRG="-$ONEDIR_REV" + else + MINOR_VER_STRG="" + fi + __PACKAGES="" if [ "$_INSTALL_CLOUD" -eq $BS_TRUE ];then - __PACKAGES="${__PACKAGES} salt-cloud" + __PACKAGES="${__PACKAGES} salt-cloud$MINOR_VER_STRG" fi if [ "$_INSTALL_MASTER" -eq $BS_TRUE ];then - __PACKAGES="${__PACKAGES} salt-master" + __PACKAGES="${__PACKAGES} salt-master$MINOR_VER_STRG" fi if [ "$_INSTALL_MINION" -eq $BS_TRUE ]; then - __PACKAGES="${__PACKAGES} salt-minion" + __PACKAGES="${__PACKAGES} salt-minion$MINOR_VER_STRG" fi if [ "$_INSTALL_SYNDIC" -eq $BS_TRUE ];then - __PACKAGES="${__PACKAGES} salt-syndic" + __PACKAGES="${__PACKAGES} salt-syndic$MINOR_VER_STRG" + fi + + if [ "$_INSTALL_SALT_API" -eq $BS_TRUE ]; then + __PACKAGES="${__PACKAGES} salt-api$MINOR_VER_STRG" fi # shellcheck disable=SC2086 + dnf makecache || return 1 + dnf list salt-minion || return 1 __yum_install_noinput ${__PACKAGES} || return 1 return 0 } install_centos_onedir_post() { + SYSTEMD_RELOAD=$BS_FALSE for fname in api master minion syndic; do @@ -4884,7 +4570,7 @@ install_centos_onedir_post() { [ $fname = "minion" ] && [ "$_INSTALL_MINION" -eq $BS_FALSE ] && continue [ $fname = "syndic" ] && [ "$_INSTALL_SYNDIC" -eq $BS_FALSE ] && continue - if [ -f /bin/systemctl ]; then + if [ "$_SYSTEMD_FUNCTIONAL" -eq $BS_TRUE ]; then /bin/systemctl is-enabled salt-${fname}.service > /dev/null 2>&1 || ( /bin/systemctl preset salt-${fname}.service > /dev/null 2>&1 && /bin/systemctl enable salt-${fname}.service > /dev/null 2>&1 @@ -4904,7 +4590,8 @@ install_centos_onedir_post() { } install_centos_restart_daemons() { - [ $_START_DAEMONS -eq $BS_FALSE ] && return + + [ "$_START_DAEMONS" -eq $BS_FALSE ] && return for fname in api master minion syndic; do # Skip salt-api since the service should be opt-in and not necessarily started on boot @@ -4915,26 +4602,11 @@ install_centos_restart_daemons() { [ $fname = "minion" ] && [ "$_INSTALL_MINION" -eq $BS_FALSE ] && continue [ $fname = "syndic" ] && [ "$_INSTALL_SYNDIC" -eq $BS_FALSE ] && continue - if [ -f /sbin/initctl ] && [ -f /etc/init/salt-${fname}.conf ]; then - # We have upstart support and upstart knows about our service - if ! /sbin/initctl status salt-$fname > /dev/null 2>&1; then - # Everything is in place and upstart gave us an error code? Fail! - return 1 - fi - - # upstart knows about this service. - # Let's try to stop it, and then start it - /sbin/initctl stop salt-$fname > /dev/null 2>&1 - # Restart service - if ! /sbin/initctl start salt-$fname > /dev/null 2>&1; then - # Failed the restart?! - return 1 - fi - elif [ -f /etc/init.d/salt-$fname ]; then + if [ -f /etc/init.d/salt-$fname ]; then # Disable stdin to fix shell session hang on killing tee pipe service salt-$fname stop < /dev/null > /dev/null 2>&1 service salt-$fname start < /dev/null - elif [ -f /usr/bin/systemctl ]; then + elif [ "$_SYSTEMD_FUNCTIONAL" -eq $BS_TRUE ]; then # CentOS 7 uses systemd /usr/bin/systemctl stop salt-$fname > /dev/null 2>&1 /usr/bin/systemctl start salt-$fname.service && continue @@ -4948,21 +4620,25 @@ install_centos_restart_daemons() { } install_centos_testing_deps() { + install_centos_stable_deps || return 1 return 0 } install_centos_testing() { + install_centos_stable || return 1 return 0 } install_centos_testing_post() { + install_centos_stable_post || return 1 return 0 } install_centos_check_services() { + for fname in api master minion syndic; do # Skip salt-api since the service should be opt-in and not necessarily started on boot [ $fname = "api" ] && continue @@ -4972,12 +4648,10 @@ install_centos_check_services() { [ $fname = "master" ] && [ "$_INSTALL_MASTER" -eq $BS_FALSE ] && continue [ $fname = "syndic" ] && [ "$_INSTALL_SYNDIC" -eq $BS_FALSE ] && continue - if [ -f /sbin/initctl ] && [ -f /etc/init/salt-${fname}.conf ]; then - __check_services_upstart salt-$fname || return 1 - elif [ -f /etc/init.d/salt-$fname ]; then - __check_services_sysvinit salt-$fname || return 1 - elif [ -f /usr/bin/systemctl ]; then - __check_services_systemd salt-$fname || return 1 + if [ -f "/etc/init.d/salt-$fname" ]; then + __check_services_sysvinit "salt-$fname" || return 1 + elif [ "$_SYSTEMD_FUNCTIONAL" -eq $BS_TRUE ]; then + __check_services_systemd "salt-$fname" || return 1 fi done @@ -4993,286 +4667,343 @@ install_centos_check_services() { # RedHat Install Functions # install_red_hat_linux_stable_deps() { + install_centos_stable_deps || return 1 return 0 } install_red_hat_linux_git_deps() { + install_centos_git_deps || return 1 return 0 } install_red_hat_linux_onedir_deps() { + install_centos_onedir_deps || return 1 return 0 } install_red_hat_enterprise_stable_deps() { + install_red_hat_linux_stable_deps || return 1 return 0 } install_red_hat_enterprise_git_deps() { + install_red_hat_linux_git_deps || return 1 return 0 } install_red_hat_enterprise_onedir_deps() { + install_red_hat_linux_onedir_deps || return 1 return 0 } install_red_hat_enterprise_linux_stable_deps() { + install_red_hat_linux_stable_deps || return 1 return 0 } install_red_hat_enterprise_linux_git_deps() { + install_red_hat_linux_git_deps || return 1 return 0 } install_red_hat_enterprise_linux_onedir_deps() { + install_red_hat_linux_onedir_deps || return 1 return 0 } install_red_hat_enterprise_server_stable_deps() { + install_red_hat_linux_stable_deps || return 1 return 0 } install_red_hat_enterprise_server_git_deps() { + install_red_hat_linux_git_deps || return 1 return 0 } install_red_hat_enterprise_server_onedir_deps() { + install_red_hat_linux_onedir_deps || return 1 return 0 } install_red_hat_enterprise_workstation_stable_deps() { + install_red_hat_linux_stable_deps || return 1 return 0 } install_red_hat_enterprise_workstation_git_deps() { + install_red_hat_linux_git_deps || return 1 return 0 } install_red_hat_enterprise_workstation_onedir_deps() { + install_red_hat_linux_timat_deps || return 1 return 0 } install_red_hat_linux_stable() { + install_centos_stable || return 1 return 0 } install_red_hat_linux_git() { + install_centos_git || return 1 return 0 } install_red_hat_linux_onedir() { + install_centos_onedir || return 1 return 0 } install_red_hat_enterprise_stable() { + install_red_hat_linux_stable || return 1 return 0 } install_red_hat_enterprise_git() { + install_red_hat_linux_git || return 1 return 0 } install_red_hat_enterprise_onedir() { + install_red_hat_linux_onedir || return 1 return 0 } install_red_hat_enterprise_linux_stable() { + install_red_hat_linux_stable || return 1 return 0 } install_red_hat_enterprise_linux_git() { + install_red_hat_linux_git || return 1 return 0 } install_red_hat_enterprise_linux_onedir() { + install_red_hat_linux_onedir || return 1 return 0 } install_red_hat_enterprise_server_stable() { + install_red_hat_linux_stable || return 1 return 0 } install_red_hat_enterprise_server_git() { + install_red_hat_linux_git || return 1 return 0 } install_red_hat_enterprise_server_onedir() { + install_red_hat_linux_onedir || return 1 return 0 } install_red_hat_enterprise_workstation_stable() { + install_red_hat_linux_stable || return 1 return 0 } install_red_hat_enterprise_workstation_git() { + install_red_hat_linux_git || return 1 return 0 } install_red_hat_enterprise_workstation_onedir() { + install_red_hat_linux_onedir || return 1 return 0 } install_red_hat_linux_stable_post() { + install_centos_stable_post || return 1 return 0 } install_red_hat_linux_restart_daemons() { + install_centos_restart_daemons || return 1 return 0 } install_red_hat_linux_git_post() { + install_centos_git_post || return 1 return 0 } install_red_hat_enterprise_stable_post() { + install_red_hat_linux_stable_post || return 1 return 0 } install_red_hat_enterprise_restart_daemons() { + install_red_hat_linux_restart_daemons || return 1 return 0 } install_red_hat_enterprise_git_post() { + install_red_hat_linux_git_post || return 1 return 0 } install_red_hat_enterprise_linux_stable_post() { + install_red_hat_linux_stable_post || return 1 return 0 } install_red_hat_enterprise_linux_restart_daemons() { + install_red_hat_linux_restart_daemons || return 1 return 0 } install_red_hat_enterprise_linux_git_post() { + install_red_hat_linux_git_post || return 1 return 0 } install_red_hat_enterprise_server_stable_post() { + install_red_hat_linux_stable_post || return 1 return 0 } install_red_hat_enterprise_server_restart_daemons() { + install_red_hat_linux_restart_daemons || return 1 return 0 } install_red_hat_enterprise_server_git_post() { + install_red_hat_linux_git_post || return 1 return 0 } install_red_hat_enterprise_workstation_stable_post() { + install_red_hat_linux_stable_post || return 1 return 0 } install_red_hat_enterprise_workstation_restart_daemons() { + install_red_hat_linux_restart_daemons || return 1 return 0 } install_red_hat_enterprise_workstation_git_post() { + install_red_hat_linux_git_post || return 1 return 0 } install_red_hat_linux_testing_deps() { + install_centos_testing_deps || return 1 return 0 } install_red_hat_linux_testing() { + install_centos_testing || return 1 return 0 } install_red_hat_linux_testing_post() { + install_centos_testing_post || return 1 return 0 } install_red_hat_enterprise_testing_deps() { + install_centos_testing_deps || return 1 return 0 } install_red_hat_enterprise_testing() { + install_centos_testing || return 1 return 0 } install_red_hat_enterprise_testing_post() { + install_centos_testing_post || return 1 return 0 } install_red_hat_enterprise_server_testing_deps() { + install_centos_testing_deps || return 1 return 0 } install_red_hat_enterprise_server_testing() { + install_centos_testing || return 1 return 0 } install_red_hat_enterprise_server_testing_post() { + install_centos_testing_post || return 1 return 0 } install_red_hat_enterprise_workstation_testing_deps() { + install_centos_testing_deps || return 1 return 0 } install_red_hat_enterprise_workstation_testing() { + install_centos_testing || return 1 return 0 } install_red_hat_enterprise_workstation_testing_post() { + install_centos_testing_post || return 1 return 0 } @@ -5286,6 +5017,17 @@ install_red_hat_enterprise_workstation_testing_post() { # Oracle Linux Install Functions # install_oracle_linux_stable_deps() { + + # Install Oracle's EPEL. + if [ "${_EPEL_REPOS_INSTALLED}" -eq $BS_FALSE ]; then + _EPEL_REPO=oracle-epel-release-el${DISTRO_MAJOR_VERSION} + if ! rpm -q "${_EPEL_REPO}" > /dev/null; then + # shellcheck disable=SC2086 + __yum_install_noinput ${_EPEL_REPO} + fi + _EPEL_REPOS_INSTALLED=$BS_TRUE + fi + install_centos_stable_deps || return 1 return 0 } @@ -5335,6 +5077,11 @@ install_oracle_linux_git_post() { return 0 } +install_oracle_linux_onedir_post() { + install_centos_onedir_post || return 1 + return 0 +} + install_oracle_linux_testing_post() { install_centos_testing_post || return 1 return 0 @@ -5356,7 +5103,7 @@ install_oracle_linux_check_services() { ####################################################################################################################### # -# AlmaLinux Install Functions +# ALmaLinux Install Functions # install_almalinux_stable_deps() { install_centos_stable_deps || return 1 @@ -5408,6 +5155,11 @@ install_almalinux_git_post() { return 0 } +install_almalinux_onedir_post() { + install_centos_onedir_post || return 1 + return 0 +} + install_almalinux_testing_post() { install_centos_testing_post || return 1 return 0 @@ -5476,8 +5228,13 @@ install_rocky_linux_stable_post() { return 0 } -install_rocky_linux_git_post() { - install_centos_git_post || return 1 +install_rocky_linux_git_post() { + install_centos_git_post || return 1 + return 0 +} + +install_rocky_linux_onedir_post() { + install_centos_onedir_post || return 1 return 0 } @@ -5554,6 +5311,11 @@ install_scientific_linux_git_post() { return 0 } +install_scientific_linux_onedir_post() { + install_centos_onedir_post || return 1 + return 0 +} + install_scientific_linux_testing_post() { install_centos_testing_post || return 1 return 0 @@ -5646,6 +5408,7 @@ install_cloud_linux_check_services() { # Alpine Linux Install Functions # install_alpine_linux_stable_deps() { + _PIP_INSTALL_ARGS="" if ! grep -q '^[^#].\+alpine/.\+/community' /etc/apk/repositories; then # Add community repository entry based on the "main" repo URL __REPO=$(grep '^[^#].\+alpine/.\+/main\>' /etc/apk/repositories) @@ -5664,41 +5427,24 @@ install_alpine_linux_stable_deps() { } install_alpine_linux_git_deps() { + _PIP_INSTALL_ARGS="" install_alpine_linux_stable_deps || return 1 if ! __check_command_exists git; then apk -U add git || return 1 fi + # shellcheck disable=SC2119 __git_clone_and_checkout || return 1 - if [ "${_POST_NEON_INSTALL}" -eq $BS_FALSE ]; then - apk -U add python2 py-virtualenv py2-crypto py2-m2crypto py2-setuptools \ - py2-jinja2 py2-yaml py2-markupsafe py2-msgpack py2-psutil \ - py2-zmq zeromq py2-requests || return 1 - - if [ -f "${_SALT_GIT_CHECKOUT_DIR}/requirements/base.txt" ]; then - # We're on the master branch, install whichever tornado is on the requirements file - __REQUIRED_TORNADO="$(grep tornado "${_SALT_GIT_CHECKOUT_DIR}/requirements/base.txt")" - if [ "${__REQUIRED_TORNADO}" != "" ]; then - apk -U add py2-tornado || return 1 - fi - fi - else - apk -U add python3 python3-dev py3-pip py3-setuptools g++ linux-headers zeromq-dev openrc || return 1 - _PY_EXE=python3 - return 0 - fi - - # Let's trigger config_salt() - if [ "$_TEMP_CONFIG_DIR" = "null" ]; then - _TEMP_CONFIG_DIR="${_SALT_GIT_CHECKOUT_DIR}/conf/" - CONFIG_SALT_FUNC="config_salt" - fi + apk -U add python3 python3-dev py3-pip py3-setuptools g++ linux-headers zeromq-dev openrc || return 1 + _PY_EXE=python3 + return 0 } install_alpine_linux_stable() { __PACKAGES="salt" + _PIP_INSTALL_ARGS="" if [ "$_INSTALL_CLOUD" -eq $BS_TRUE ];then __PACKAGES="${__PACKAGES} salt-cloud" @@ -5713,26 +5459,23 @@ install_alpine_linux_stable() { __PACKAGES="${__PACKAGES} salt-syndic" fi + if [ "$_INSTALL_SALT_API" -eq $BS_TRUE ]; then + __PACKAGES="${__PACKAGES} salt-api" + fi + # shellcheck disable=SC2086 - apk -U add ${__PACKAGES} || return 1 + apk -U add "${__PACKAGES}" || return 1 return 0 } install_alpine_linux_git() { - - if [ "${_POST_NEON_INSTALL}" -eq $BS_TRUE ]; then - __install_salt_from_repo_post_neon "${_PY_EXE}" || return 1 - return 0 - fi - - if [ -f "${_SALT_GIT_CHECKOUT_DIR}/salt/syspaths.py" ]; then - python2 setup.py --salt-config-dir="$_SALT_ETC_DIR" --salt-cache-dir="${_SALT_CACHE_DIR}" ${SETUP_PY_INSTALL_ARGS} install || return 1 - else - python2 setup.py ${SETUP_PY_INSTALL_ARGS} install || return 1 - fi + _PIP_INSTALL_ARGS="" + __install_salt_from_repo "${_PY_EXE}" || return 1 + return 0 } install_alpine_linux_post() { + _PIP_INSTALL_ARGS="" for fname in api master minion syndic; do # Skip if not meant to be installed [ $fname = "api" ] && \ @@ -5762,6 +5505,7 @@ install_alpine_linux_post() { } install_alpine_linux_restart_daemons() { + _PIP_INSTALL_ARGS="" [ "${_START_DAEMONS}" -eq $BS_FALSE ] && return for fname in api master minion syndic; do @@ -5780,6 +5524,7 @@ install_alpine_linux_restart_daemons() { } install_alpine_linux_check_services() { + _PIP_INSTALL_ARGS="" for fname in api master minion syndic; do # Skip salt-api since the service should be opt-in and not necessarily started on boot [ $fname = "api" ] && continue @@ -5796,6 +5541,7 @@ install_alpine_linux_check_services() { } daemons_running_alpine_linux() { + _PIP_INSTALL_ARGS="" [ "${_START_DAEMONS}" -eq $BS_FALSE ] && return FAILED_DAEMONS=0 @@ -5829,32 +5575,66 @@ daemons_running_alpine_linux() { # Amazon Linux AMI Install Functions # -install_amazon_linux_ami_deps() { - # Shim to figure out if we're using old (rhel) or new (aws) rpms. - _USEAWS=$BS_FALSE - pkg_append="python" +# Support for Amazon Linux 2 +install_amazon_linux_ami_2_git_deps() { + if [ "$_INSECURE_DL" -eq $BS_FALSE ] && [ "${_SALT_REPO_URL%%://*}" = "https" ]; then + yum -y install ca-certificates || return 1 + fi - if [ "$ITYPE" = "stable" ]; then - repo_rev="$STABLE_REV" - else - repo_rev="latest" + if [ "$_PY_MAJOR_VERSION" -eq 2 ]; then + echoerror "Python 2 is no longer supported, only Python 3" + return 1 fi - if echo $repo_rev | grep -E -q '^archive'; then - year=$(echo "$repo_rev" | cut -d '/' -f 2 | cut -c1-4) - else - year=$(echo "$repo_rev" | cut -c1-4) + install_amazon_linux_ami_2_deps || return 1 + + PY_PKG_VER=3 + PIP_EXE='/bin/pip3' + __PACKAGES="python${PY_PKG_VER}-pip" + + if ! __check_command_exists "${PIP_EXE}"; then + # shellcheck disable=SC2086 + __yum_install_noinput ${__PACKAGES} || return 1 + fi + + if ! __check_command_exists git; then + __yum_install_noinput git || return 1 + fi + + # shellcheck disable=SC2119 + __git_clone_and_checkout || return 1 + + __PACKAGES="python${PY_PKG_VER}-pip python${PY_PKG_VER}-setuptools python${PY_PKG_VER}-devel gcc" + + # ensure sudo installed + __PACKAGES="${__PACKAGES} sudo" + + # shellcheck disable=SC2086 + __yum_install_noinput ${__PACKAGES} || return 1 + + # Let's trigger config_salt() + if [ "$_TEMP_CONFIG_DIR" = "null" ]; then + _TEMP_CONFIG_DIR="${_SALT_GIT_CHECKOUT_DIR}/conf" + CONFIG_SALT_FUNC="config_salt" fi - if echo "$repo_rev" | grep -E -q '^(latest|2016\.11)$' || \ - [ "$year" -gt 2016 ]; then - _USEAWS=$BS_TRUE - pkg_append="python27" + return 0 +} + +install_amazon_linux_ami_2_deps() { + if [ -n "$_PY_EXE" ] && [ "$_PY_MAJOR_VERSION" -ne 3 ]; then + echoerror "Python version is no longer supported, only Python 3" + return 1 fi # We need to install yum-utils before doing anything else when installing on # Amazon Linux ECS-optimized images. See issue #974. - __yum_install_noinput yum-utils + __PACKAGES="yum-utils" + + # ensure sudo installed + __PACKAGES="${__PACKAGES} sudo" + + __yum_install_noinput ${__PACKAGES} # Do upgrade early if [ "$_UPGRADE_SYS" -eq $BS_TRUE ]; then @@ -5862,44 +5642,40 @@ install_amazon_linux_ami_deps() { fi if [ $_DISABLE_REPOS -eq $BS_FALSE ] || [ "$_CUSTOM_REPO_URL" != "null" ]; then - __REPO_FILENAME="salt.repo" - - # Set a few vars to make life easier. - if [ $_USEAWS -eq $BS_TRUE ]; then - base_url="$HTTP_VAL://${_REPO_URL}/yum/amazon/latest/\$basearch/$repo_rev/" - gpg_key="${base_url}SALTSTACK-GPG-KEY.pub" - repo_name="SaltStack repo for Amazon Linux" - else - base_url="$HTTP_VAL://${_REPO_URL}/yum/redhat/6/\$basearch/$repo_rev/" - gpg_key="${base_url}SALTSTACK-GPG-KEY.pub" - repo_name="SaltStack repo for RHEL/CentOS 6" - fi - - # This should prob be refactored to use __install_saltstack_rhel_repository() - # With args passed in to do the right thing. Reformatted to be more like the - # amazon linux yum file. - if [ ! -s "/etc/yum.repos.d/${__REPO_FILENAME}" ]; then - cat <<_eof > "/etc/yum.repos.d/${__REPO_FILENAME}" -[saltstack-repo] -name=$repo_name -failovermethod=priority -priority=10 -gpgcheck=1 -gpgkey=$gpg_key -baseurl=$base_url -_eof + if [ ! -s "${YUM_REPO_FILE}" ]; then + FETCH_URL="https://github.com/saltstack/salt-install-guide/releases/latest/download/salt.repo" + __fetch_url "${YUM_REPO_FILE}" "${FETCH_URL}" + if [ "$STABLE_REV" != "latest" ]; then + # 3006.x is default, and latest for 3006.x branch + if [ "$(echo "$STABLE_REV" | grep -E '^(3006|3007)$')" != "" ]; then + # latest version for branch 3006 | 3007 + REPO_REV_MAJOR=$(echo "$STABLE_REV" | cut -d '.' -f 1) + if [ "$REPO_REV_MAJOR" -eq "3007" ]; then + # Enable the Salt 3007 STS repo + dnf config-manager --set-disable salt-repo-* + dnf config-manager --set-enabled salt-repo-3007-sts + fi + elif [ "$(echo "$STABLE_REV" | grep -E '^([3-9][0-5]{2}[6-9](\.[0-9]*)?)')" != "" ]; then + # using minor version + echo "[salt-repo-${STABLE_REV}-lts]" > "${YUM_REPO_FILE}" + # shellcheck disable=SC2129 + echo "name=Salt Repo for Salt v${STABLE_REV} LTS" >> "${YUM_REPO_FILE}" + echo "baseurl=https://${_REPO_URL}/saltproject-rpm/" >> "${YUM_REPO_FILE}" + echo "skip_if_unavailable=True" >> "${YUM_REPO_FILE}" + echo "priority=10" >> "${YUM_REPO_FILE}" + echo "enabled=1" >> "${YUM_REPO_FILE}" + echo "enabled_metadata=1" >> "${YUM_REPO_FILE}" + echo "gpgcheck=1" >> "${YUM_REPO_FILE}" + echo "gpgkey=https://${_REPO_URL}/api/security/keypair/SaltProjectKey/public" >> "${YUM_REPO_FILE}" + fi + else + # Enable the Salt LATEST repo + dnf config-manager --set-disable salt-repo-* + dnf config-manager --set-enabled salt-repo-latest + fi + dnf clean expire-cache || return 1 + dnf makecache || return 1 fi - - fi - - if [ "${_POST_NEON_INSTALL}" -eq $BS_FALSE ]; then - # Package python-ordereddict-1.1-2.el6.noarch is obsoleted by python26-2.6.9-2.88.amzn1.x86_64 - # which is already installed - __PACKAGES="m2crypto ${pkg_append}-crypto ${pkg_append}-jinja2 ${pkg_append}-PyYAML" - __PACKAGES="${__PACKAGES} ${pkg_append}-msgpack ${pkg_append}-requests ${pkg_append}-zmq" - __PACKAGES="${__PACKAGES} ${pkg_append}-futures" - # shellcheck disable=SC2086 - __yum_install_noinput ${__PACKAGES} || return 1 fi if [ "${_EXTRA_PACKAGES}" != "" ]; then @@ -5909,87 +5685,131 @@ _eof fi } -install_amazon_linux_ami_git_deps() { - if [ "$_INSECURE_DL" -eq $BS_FALSE ] && [ "${_SALT_REPO_URL%%://*}" = "https" ]; then - yum -y install ca-certificates || return 1 +install_amazon_linux_ami_2_onedir_deps() { + if [ -n "$_PY_EXE" ] && [ "$_PY_MAJOR_VERSION" -ne 3 ]; then + echoerror "Python version is no longer supported, only Python 3" + return 1 + fi + + # We need to install yum-utils before doing anything else when installing on + # Amazon Linux ECS-optimized images. See issue #974. + __PACKAGES="yum-utils" + + # ensure sudo installed + __PACKAGES="${__PACKAGES} sudo" + + __yum_install_noinput ${__PACKAGES} + + # Do upgrade early + if [ "$_UPGRADE_SYS" -eq $BS_TRUE ]; then + yum -y update || return 1 fi - PIP_EXE='pip' - if __check_command_exists python2.7; then - if ! __check_command_exists pip2.7; then - if ! __check_command_exists easy_install-2.7; then - __yum_install_noinput python27-setuptools + if [ $_DISABLE_REPOS -eq $BS_FALSE ] || [ "$_CUSTOM_REPO_URL" != "null" ]; then + if [ ! -s "${YUM_REPO_FILE}" ]; then + FETCH_URL="https://github.com/saltstack/salt-install-guide/releases/latest/download/salt.repo" + __fetch_url "${YUM_REPO_FILE}" "${FETCH_URL}" + if [ "$ONEDIR_REV" != "latest" ]; then + # 3006.x is default, and latest for 3006.x branch + if [ "$(echo "$ONEDIR_REV" | grep -E '^(3006|3007)$')" != "" ]; then + # latest version for branch 3006 | 3007 + REPO_REV_MAJOR=$(echo "$ONEDIR_REV" | cut -d '.' -f 1) + if [ "$REPO_REV_MAJOR" -eq "3007" ]; then + # Enable the Salt 3007 STS repo + dnf config-manager --set-disable salt-repo-* + dnf config-manager --set-enabled salt-repo-3007-sts + fi + elif [ "$(echo "$ONEDIR_REV" | grep -E '^([3-9][0-5]{2}[6-9](\.[0-9]*)?)')" != "" ]; then + # using minor version + echo "[salt-repo-${ONEDIR_REV}-lts]" > "${YUM_REPO_FILE}" + # shellcheck disable=SC2129 + echo "name=Salt Repo for Salt v${ONEDIR_REV} LTS" >> "${YUM_REPO_FILE}" + echo "baseurl=https://${_REPO_URL}/saltproject-rpm/" >> "${YUM_REPO_FILE}" + echo "skip_if_unavailable=True" >> "${YUM_REPO_FILE}" + echo "priority=10" >> "${YUM_REPO_FILE}" + echo "enabled=1" >> "${YUM_REPO_FILE}" + echo "enabled_metadata=1" >> "${YUM_REPO_FILE}" + echo "gpgcheck=1" >> "${YUM_REPO_FILE}" + echo "gpgkey=https://${_REPO_URL}/api/security/keypair/SaltProjectKey/public" >> "${YUM_REPO_FILE}" + fi + else + # Enable the Salt LATEST repo + dnf config-manager --set-disable salt-repo-* + dnf config-manager --set-enabled salt-repo-latest fi - /usr/bin/easy_install-2.7 pip || return 1 + dnf clean expire-cache || return 1 + dnf makecache || return 1 fi - PIP_EXE='/usr/local/bin/pip2.7' - _PY_EXE='python2.7' fi - install_amazon_linux_ami_deps || return 1 - - if ! __check_command_exists git; then - __yum_install_noinput git || return 1 + if [ "${_EXTRA_PACKAGES}" != "" ]; then + echoinfo "Installing the following extra packages as requested: ${_EXTRA_PACKAGES}" + # shellcheck disable=SC2086 + __yum_install_noinput ${_EXTRA_PACKAGES} || return 1 fi +} - __git_clone_and_checkout || return 1 +install_amazon_linux_ami_2_stable() { + install_centos_stable || return 1 + return 0 +} - if [ "${_POST_NEON_INSTALL}" -eq $BS_FALSE ]; then - __PACKAGES="" - __PIP_PACKAGES="" +install_amazon_linux_ami_2_stable_post() { + install_centos_stable_post || return 1 + return 0 +} - if [ "$_INSTALL_CLOUD" -eq $BS_TRUE ]; then - __check_pip_allowed "You need to allow pip based installations (-P) in order to install apache-libcloud" - __PACKAGES="${__PACKAGES} python27-pip" - __PIP_PACKAGES="${__PIP_PACKAGES} apache-libcloud>=$_LIBCLOUD_MIN_VERSION" - fi +install_amazon_linux_ami_2_restart_daemons() { + install_centos_restart_daemons || return 1 + return 0 +} - if [ -f "${_SALT_GIT_CHECKOUT_DIR}/requirements/base.txt" ]; then - # We're on the master branch, install whichever tornado is on the requirements file - __REQUIRED_TORNADO="$(grep tornado "${_SALT_GIT_CHECKOUT_DIR}/requirements/base.txt")" - if [ "${__REQUIRED_TORNADO}" != "" ]; then - __PACKAGES="${__PACKAGES} ${pkg_append}-tornado" - fi - fi +install_amazon_linux_ami_2_git() { + install_centos_git || return 1 + return 0 +} - if [ "${__PACKAGES}" != "" ]; then - # shellcheck disable=SC2086 - __yum_install_noinput ${__PACKAGES} || return 1 - fi +install_amazon_linux_ami_2_git_post() { + install_centos_git_post || return 1 + return 0 +} - if [ "${__PIP_PACKAGES}" != "" ]; then - # shellcheck disable=SC2086 - ${PIP_EXE} install ${__PIP_PACKAGES} || return 1 - fi - else - __PACKAGES="python27-pip python27-setuptools python27-devel gcc" - # shellcheck disable=SC2086 - __yum_install_noinput ${__PACKAGES} || return 1 - fi +install_amazon_linux_ami_2_testing() { + install_centos_testing || return 1 + return 0 +} - # Let's trigger config_salt() - if [ "$_TEMP_CONFIG_DIR" = "null" ]; then - _TEMP_CONFIG_DIR="${_SALT_GIT_CHECKOUT_DIR}/conf/" - CONFIG_SALT_FUNC="config_salt" - fi +install_amazon_linux_ami_2_testing_post() { + install_centos_testing_post || return 1 + return 0 +} + +install_amazon_linux_ami_2_check_services() { + install_centos_check_services || return 1 + return 0 +} +install_amazon_linux_ami_2_onedir() { + install_centos_stable || return 1 return 0 } -install_amazon_linux_ami_2_git_deps() { +install_amazon_linux_ami_2_onedir_post() { + install_centos_stable_post || return 1 + return 0 +} + +# Support for Amazon Linux 2023 +# the following code needs adjustment to allow for 2023, 2024, 2025, etc - 2023 for now +install_amazon_linux_ami_2023_git_deps() { if [ "$_INSECURE_DL" -eq $BS_FALSE ] && [ "${_SALT_REPO_URL%%://*}" = "https" ]; then yum -y install ca-certificates || return 1 fi - install_amazon_linux_ami_2_deps || return 1 + install_amazon_linux_ami_2023_onedir_deps || return 1 - if [ "$_PY_MAJOR_VERSION" -eq 2 ]; then - PY_PKG_VER=2 - PIP_EXE='/bin/pip' - else - PY_PKG_VER=3 - PIP_EXE='/bin/pip3' - fi + PY_PKG_VER=3 + PIP_EXE='/bin/pip3' __PACKAGES="python${PY_PKG_VER}-pip" if ! __check_command_exists "${PIP_EXE}"; then @@ -6001,181 +5821,36 @@ install_amazon_linux_ami_2_git_deps() { __yum_install_noinput git || return 1 fi + # shellcheck disable=SC2119 __git_clone_and_checkout || return 1 - if [ "${_POST_NEON_INSTALL}" -eq $BS_FALSE ]; then - - __PACKAGES="" - __PIP_PACKAGES="" - - if [ "$_INSTALL_CLOUD" -eq "$BS_TRUE" ]; then - __check_pip_allowed "You need to allow pip based installations (-P) in order to install apache-libcloud" - if [ "$PARSED_VERSION" -eq "2" ]; then - if [ -n "$_PY_EXE" ] && [ "$_PY_MAJOR_VERSION" -eq "3" ]; then - __PACKAGES="${__PACKAGES} python3-pip" - __PIP_PACKAGES="${__PIP_PACKAGES} tornado<$_TORNADO_MAX_PY3_VERSION" - else - __PACKAGES="${__PACKAGES} python2-pip" - fi - else - __PACKAGES="${__PACKAGES} python27-pip" - fi - __PIP_PACKAGES="${__PIP_PACKAGES} apache-libcloud>=$_LIBCLOUD_MIN_VERSION" - fi - - if [ -f "${_SALT_GIT_CHECKOUT_DIR}/requirements/base.txt" ]; then - # We're on the master branch, install whichever tornado is on the requirements file - __REQUIRED_TORNADO="$(grep tornado "${_SALT_GIT_CHECKOUT_DIR}/requirements/base.txt")" - if [ "${__REQUIRED_TORNADO}" != "" ]; then - if [ -n "$_PY_EXE" ] && [ "$_PY_MAJOR_VERSION" -eq "3" ]; then - __PIP_PACKAGES="${__PIP_PACKAGES} tornado<$_TORNADO_MAX_PY3_VERSION" - else - __PACKAGES="${__PACKAGES} ${pkg_append}${PY_PKG_VER}-tornado" - fi - fi - fi - - if [ "${__PIP_PACKAGES}" != "" ]; then - __check_pip_allowed "You need to allow pip based installations (-P) in order to install ${__PIP_PACKAGES}" - __PACKAGES="${__PACKAGES} python${PY_PKG_VER}-pip" - fi + __PACKAGES="python${PY_PKG_VER}-pip python${PY_PKG_VER}-setuptools python${PY_PKG_VER}-devel gcc" - if [ "${__PACKAGES}" != "" ]; then - # shellcheck disable=SC2086 - __yum_install_noinput ${__PACKAGES} || return 1 - fi + # ensure sudo installed + __PACKAGES="${__PACKAGES} sudo" - if [ "${__PIP_PACKAGES}" != "" ]; then - # shellcheck disable=SC2086 - ${PIP_EXE} install ${__PIP_PACKAGES} || return 1 - fi - else - __PACKAGES="python${PY_PKG_VER}-pip python${PY_PKG_VER}-setuptools python${PY_PKG_VER}-devel gcc" - # shellcheck disable=SC2086 - __yum_install_noinput ${__PACKAGES} || return 1 - fi + # shellcheck disable=SC2086 + __yum_install_noinput ${__PACKAGES} || return 1 # Let's trigger config_salt() if [ "$_TEMP_CONFIG_DIR" = "null" ]; then - _TEMP_CONFIG_DIR="${_SALT_GIT_CHECKOUT_DIR}/conf/" + _TEMP_CONFIG_DIR="${_SALT_GIT_CHECKOUT_DIR}/conf" CONFIG_SALT_FUNC="config_salt" fi return 0 } -install_amazon_linux_ami_2_deps() { - # Shim to figure out if we're using old (rhel) or new (aws) rpms. - _USEAWS=$BS_FALSE - pkg_append="python" - - if [ "$ITYPE" = "stable" ]; then - repo_rev="$STABLE_REV" - else - repo_rev="latest" - fi - - if echo $repo_rev | grep -E -q '^archive'; then - year=$(echo "$repo_rev" | cut -d '/' -f 2 | cut -c1-4) - else - year=$(echo "$repo_rev" | cut -c1-4) - fi - - if echo "$repo_rev" | grep -E -q '^(latest|2016\.11)$' || \ - [ "$year" -gt 2016 ]; then - _USEAWS=$BS_TRUE - pkg_append="python" - fi +install_amazon_linux_ami_2023_onedir_deps() { # We need to install yum-utils before doing anything else when installing on # Amazon Linux ECS-optimized images. See issue #974. - __yum_install_noinput yum-utils - - # Do upgrade early - if [ "$_UPGRADE_SYS" -eq $BS_TRUE ]; then - yum -y update || return 1 - fi - - if [ $_DISABLE_REPOS -eq $BS_FALSE ] || [ "$_CUSTOM_REPO_URL" != "null" ]; then - __REPO_FILENAME="salt.repo" - __PY_VERSION_REPO="yum" - PY_PKG_VER="" - repo_label="saltstack-repo" - repo_name="SaltStack repo for Amazon Linux 2" - if [ -n "$_PY_EXE" ] && [ "$_PY_MAJOR_VERSION" -eq 3 ]; then - __REPO_FILENAME="salt.repo" - __PY_VERSION_REPO="py3" - PY_PKG_VER=3 - repo_label="saltstack-py3-repo" - repo_name="SaltStack Python 3 repo for Amazon Linux 2" - fi - - base_url="$HTTP_VAL://${_REPO_URL}/${__PY_VERSION_REPO}/amazon/2/\$basearch/$repo_rev/" - gpg_key="${base_url}SALTSTACK-GPG-KEY.pub,${base_url}base/RPM-GPG-KEY-CentOS-7" - if [ -n "$_PY_EXE" ] && [ "$_PY_MAJOR_VERSION" -eq 3 ]; then - gpg_key="${base_url}SALTSTACK-GPG-KEY.pub" - fi - - # This should prob be refactored to use __install_saltstack_rhel_repository() - # With args passed in to do the right thing. Reformatted to be more like the - # amazon linux yum file. - if [ ! -s "/etc/yum.repos.d/${__REPO_FILENAME}" ]; then - cat <<_eof > "/etc/yum.repos.d/${__REPO_FILENAME}" -[$repo_label] -name=$repo_name -failovermethod=priority -priority=10 -gpgcheck=1 -gpgkey=$gpg_key -baseurl=$base_url -_eof - fi - - fi - - if [ "${_POST_NEON_INSTALL}" -eq $BS_FALSE ]; then - # Package python-ordereddict-1.1-2.el6.noarch is obsoleted by python26-2.6.9-2.88.amzn1.x86_64 - # which is already installed - if [ -n "${PY_PKG_VER}" ] && [ "${PY_PKG_VER}" -eq 3 ]; then - __PACKAGES="${pkg_append}${PY_PKG_VER}-m2crypto ${pkg_append}${PY_PKG_VER}-pyyaml" - else - __PACKAGES="m2crypto PyYAML ${pkg_append}-futures" - fi - - __PACKAGES="${__PACKAGES} ${pkg_append}${PY_PKG_VER}-crypto ${pkg_append}${PY_PKG_VER}-jinja2 procps-ng" - __PACKAGES="${__PACKAGES} ${pkg_append}${PY_PKG_VER}-msgpack ${pkg_append}${PY_PKG_VER}-requests ${pkg_append}${PY_PKG_VER}-zmq" - - # shellcheck disable=SC2086 - __yum_install_noinput ${__PACKAGES} || return 1 - fi - - if [ "${_EXTRA_PACKAGES}" != "" ]; then - echoinfo "Installing the following extra packages as requested: ${_EXTRA_PACKAGES}" - # shellcheck disable=SC2086 - __yum_install_noinput ${_EXTRA_PACKAGES} || return 1 - fi -} - -install_amazon_linux_ami_2_onedir_deps() { - # Shim to figure out if we're using old (rhel) or new (aws) rpms. - _USEAWS=$BS_FALSE - pkg_append="python" + __PACKAGES="yum-utils" - if [ "$ITYPE" = "onedir" ]; then - repo_rev="$ONEDIR_REV" - else - repo_rev="latest" - fi - - if echo $repo_rev | grep -E -q '^archive'; then - year=$(echo "$repo_rev" | cut -d '/' -f 2 | cut -c1-4) - else - year=$(echo "$repo_rev" | cut -c1-4) - fi + # ensure sudo installed + __PACKAGES="${__PACKAGES} sudo" - # We need to install yum-utils before doing anything else when installing on - # Amazon Linux ECS-optimized images. See issue #974. - __yum_install_noinput yum-utils + __yum_install_noinput ${__PACKAGES} # Do upgrade early if [ "$_UPGRADE_SYS" -eq $BS_TRUE ]; then @@ -6183,56 +5858,40 @@ install_amazon_linux_ami_2_onedir_deps() { fi if [ $_DISABLE_REPOS -eq $BS_FALSE ] || [ "$_CUSTOM_REPO_URL" != "null" ]; then - __REPO_FILENAME="salt.repo" - __PY_VERSION_REPO="yum" - PY_PKG_VER="" - repo_label="saltstack-repo" - repo_name="SaltStack repo for Amazon Linux 2" - if [ -n "$_PY_EXE" ] && [ "$_PY_MAJOR_VERSION" -eq 3 ]; then - __REPO_FILENAME="salt.repo" - __PY_VERSION_REPO="py3" - PY_PKG_VER=3 - repo_label="saltstack-py3-repo" - repo_name="SaltStack Python 3 repo for Amazon Linux 2" - fi - - base_url="$HTTP_VAL://${_REPO_URL}/${_ONEDIR_DIR}/${__PY_VERSION_REPO}/amazon/2/\$basearch/$repo_rev/" - gpg_key="${base_url}SALTSTACK-GPG-KEY.pub,${base_url}base/RPM-GPG-KEY-CentOS-7" - if [ -n "$_PY_EXE" ] && [ "$_PY_MAJOR_VERSION" -eq 3 ]; then - gpg_key="${base_url}SALTSTACK-GPG-KEY.pub" - fi - - # This should prob be refactored to use __install_saltstack_rhel_repository() - # With args passed in to do the right thing. Reformatted to be more like the - # amazon linux yum file. - if [ ! -s "/etc/yum.repos.d/${__REPO_FILENAME}" ]; then - cat <<_eof > "/etc/yum.repos.d/${__REPO_FILENAME}" -[$repo_label] -name=$repo_name -failovermethod=priority -priority=10 -gpgcheck=1 -gpgkey=$gpg_key -baseurl=$base_url -_eof - fi - - fi - - if [ "${_POST_NEON_INSTALL}" -eq $BS_FALSE ]; then - # Package python-ordereddict-1.1-2.el6.noarch is obsoleted by python26-2.6.9-2.88.amzn1.x86_64 - # which is already installed - if [ -n "${PY_PKG_VER}" ] && [ "${PY_PKG_VER}" -eq 3 ]; then - __PACKAGES="${pkg_append}${PY_PKG_VER}-m2crypto ${pkg_append}${PY_PKG_VER}-pyyaml" - else - __PACKAGES="m2crypto PyYAML ${pkg_append}-futures" + if [ ! -s "${YUM_REPO_FILE}" ]; then + FETCH_URL="https://github.com/saltstack/salt-install-guide/releases/latest/download/salt.repo" + __fetch_url "${YUM_REPO_FILE}" "${FETCH_URL}" + if [ "$ONEDIR_REV" != "latest" ]; then + # 3006.x is default, and latest for 3006.x branch + if [ "$(echo "$ONEDIR_REV" | grep -E '^(3006|3007)$')" != "" ]; then + # latest version for branch 3006 | 3007 + REPO_REV_MAJOR=$(echo "$ONEDIR_REV" | cut -d '.' -f 1) + if [ "$REPO_REV_MAJOR" -eq "3007" ]; then + # Enable the Salt 3007 STS repo + dnf config-manager --set-disable salt-repo-* + dnf config-manager --set-enabled salt-repo-3007-sts + fi + elif [ "$(echo "$ONEDIR_REV" | grep -E '^([3-9][0-5]{2}[6-9](\.[0-9]*)?)')" != "" ]; then + # using minor version + echo "[salt-repo-${ONEDIR_REV}-lts]" > "${YUM_REPO_FILE}" + # shellcheck disable=SC2129 + echo "name=Salt Repo for Salt v${ONEDIR_REV} LTS" >> "${YUM_REPO_FILE}" + echo "baseurl=https://${_REPO_URL}/saltproject-rpm/" >> "${YUM_REPO_FILE}" + echo "skip_if_unavailable=True" >> "${YUM_REPO_FILE}" + echo "priority=10" >> "${YUM_REPO_FILE}" + echo "enabled=1" >> "${YUM_REPO_FILE}" + echo "enabled_metadata=1" >> "${YUM_REPO_FILE}" + echo "gpgcheck=1" >> "${YUM_REPO_FILE}" + echo "gpgkey=https://${_REPO_URL}/api/security/keypair/SaltProjectKey/public" >> "${YUM_REPO_FILE}" + fi + else + # Enable the Salt LATEST repo + dnf config-manager --set-disable salt-repo-* + dnf config-manager --set-enabled salt-repo-latest + fi + dnf clean expire-cache || return 1 + dnf makecache || return 1 fi - - __PACKAGES="${__PACKAGES} ${pkg_append}${PY_PKG_VER}-crypto ${pkg_append}${PY_PKG_VER}-jinja2 procps-ng" - __PACKAGES="${__PACKAGES} ${pkg_append}${PY_PKG_VER}-msgpack ${pkg_append}${PY_PKG_VER}-requests ${pkg_append}${PY_PKG_VER}-zmq" - - # shellcheck disable=SC2086 - __yum_install_noinput ${__PACKAGES} || return 1 fi if [ "${_EXTRA_PACKAGES}" != "" ]; then @@ -6242,87 +5901,52 @@ _eof fi } -install_amazon_linux_ami_stable() { - install_centos_stable || return 1 - return 0 -} - -install_amazon_linux_ami_stable_post() { - install_centos_stable_post || return 1 - return 0 -} - -install_amazon_linux_ami_restart_daemons() { - install_centos_restart_daemons || return 1 - return 0 -} - -install_amazon_linux_ami_git() { - install_centos_git || return 1 - return 0 -} - -install_amazon_linux_ami_git_post() { - install_centos_git_post || return 1 - return 0 -} - -install_amazon_linux_ami_testing() { - install_centos_testing || return 1 - return 0 -} - -install_amazon_linux_ami_testing_post() { - install_centos_testing_post || return 1 - return 0 -} - -install_amazon_linux_ami_2_stable() { +install_amazon_linux_ami_2023_stable() { install_centos_stable || return 1 return 0 } -install_amazon_linux_ami_2_stable_post() { +install_amazon_linux_ami_2023_stable_post() { install_centos_stable_post || return 1 return 0 } -install_amazon_linux_ami_2_restart_daemons() { +install_amazon_linux_ami_2023_restart_daemons() { install_centos_restart_daemons || return 1 return 0 } -install_amazon_linux_ami_2_git() { +install_amazon_linux_ami_2023_git() { install_centos_git || return 1 return 0 } -install_amazon_linux_ami_2_git_post() { +install_amazon_linux_ami_2023_git_post() { install_centos_git_post || return 1 return 0 } -install_amazon_linux_ami_2_testing() { +install_amazon_linux_ami_2023_testing() { install_centos_testing || return 1 return 0 } -install_amazon_linux_ami_2_testing_post() { +install_amazon_linux_ami_2023_testing_post() { install_centos_testing_post || return 1 return 0 } -install_amazon_linux_ami_2_check_services() { +install_amazon_linux_ami_2023_check_services() { install_centos_check_services || return 1 return 0 } -install_amazon_linux_ami_2_onedir() { +install_amazon_linux_ami_2023_onedir() { install_centos_stable || return 1 return 0 } -install_amazon_linux_ami_2_onedir_post() { +install_amazon_linux_ami_2023_onedir_post() { install_centos_stable_post || return 1 return 0 } @@ -6354,7 +5978,8 @@ install_arch_linux_stable_deps() { fi if [ -n "$_PY_EXE" ] && [ "$_PY_MAJOR_VERSION" -eq 2 ]; then - PY_PKG_VER=2 + echoerror "Python 2 is no longer supported, only Python 3" + return 1 else PY_PKG_VER="" fi @@ -6362,6 +5987,7 @@ install_arch_linux_stable_deps() { # YAML module is used for generating custom master/minion configs # shellcheck disable=SC2086 pacman -Su --noconfirm --needed python${PY_PKG_VER}-yaml + pacman -Su --noconfirm --needed python${PY_PKG_VER}-tornado if [ "$_INSTALL_CLOUD" -eq $BS_TRUE ]; then # shellcheck disable=SC2086 @@ -6383,41 +6009,34 @@ install_arch_linux_git_deps() { pacman -Sy --noconfirm --needed git || return 1 fi + # shellcheck disable=SC2119 __git_clone_and_checkout || return 1 - if [ "${_POST_NEON_INSTALL}" -eq $BS_FALSE ]; then - pacman -R --noconfirm python2-distribute - pacman -Su --noconfirm --needed python2-crypto python2-setuptools python2-jinja \ - python2-m2crypto python2-markupsafe python2-msgpack python2-psutil \ - python2-pyzmq zeromq python2-requests python2-systemd || return 1 - - if [ -f "${_SALT_GIT_CHECKOUT_DIR}/requirements/base.txt" ]; then - # We're on the master branch, install whichever tornado is on the requirements file - __REQUIRED_TORNADO="$(grep tornado "${_SALT_GIT_CHECKOUT_DIR}/requirements/base.txt")" - if [ "${__REQUIRED_TORNADO}" != "" ]; then - pacman -Su --noconfirm --needed python2-tornado - fi - fi + if [ -n "$_PY_EXE" ] && [ "$_PY_MAJOR_VERSION" -eq 2 ]; then + echoerror "Python 2 is no longer supported, only Python 3" + return 1 else - if [ -n "$_PY_EXE" ] && [ "$_PY_MAJOR_VERSION" -eq 2 ]; then - PY_PKG_VER=2 - else - PY_PKG_VER="" - fi - __PACKAGES="python${PY_PKG_VER}-pip python${PY_PKG_VER}-setuptools gcc" - # shellcheck disable=SC2086 - pacman -Su --noconfirm --needed ${__PACKAGES} + PY_PKG_VER="" fi + __PACKAGES="python${PY_PKG_VER}-pip python${PY_PKG_VER}-setuptools gcc" + + # shellcheck disable=SC2086 + pacman -Su --noconfirm --needed ${__PACKAGES} + # Let's trigger config_salt() if [ "$_TEMP_CONFIG_DIR" = "null" ]; then - _TEMP_CONFIG_DIR="${_SALT_GIT_CHECKOUT_DIR}/conf/" + _TEMP_CONFIG_DIR="${_SALT_GIT_CHECKOUT_DIR}/conf" CONFIG_SALT_FUNC="config_salt" fi return 0 } +install_arch_linux_onedir_deps() { + install_arch_linux_stable_deps || return 1 +} + install_arch_linux_stable() { # Pacman does not resolve dependencies on outdated versions # They always need to be updated @@ -6435,17 +6054,16 @@ install_arch_linux_stable() { } install_arch_linux_git() { - - if [ "${_POST_NEON_INSTALL}" -eq $BS_TRUE ]; then - __install_salt_from_repo_post_neon "${_PY_EXE}" || return 1 - return 0 + if [ -n "$_PY_EXE" ] && [ "$_PY_MAJOR_VERSION" -eq 2 ]; then + echoerror "Python 2 is no longer supported, only Python 3" + return 1 fi - if [ -f "${_SALT_GIT_CHECKOUT_DIR}/salt/syspaths.py" ]; then - python2 setup.py --salt-config-dir="$_SALT_ETC_DIR" --salt-cache-dir="${_SALT_CACHE_DIR}" ${SETUP_PY_INSTALL_ARGS} install || return 1 - else - python2 setup.py ${SETUP_PY_INSTALL_ARGS} install || return 1 - fi + _PIP_INSTALL_ARGS="${_PIP_INSTALL_ARGS} --use-pep517" + _PIP_DOWNLOAD_ARGS="${_PIP_DOWNLOAD_ARGS} --use-pep517" + + __install_salt_from_repo "${_PY_EXE}" || return 1 + return 0 } @@ -6469,7 +6087,7 @@ install_arch_linux_post() { # Skip salt-api since the service should be opt-in and not necessarily started on boot [ $fname = "api" ] && continue - if [ -f /usr/bin/systemctl ]; then + if [ "$_SYSTEMD_FUNCTIONAL" -eq $BS_TRUE ]; then # Using systemd /usr/bin/systemctl is-enabled salt-$fname.service > /dev/null 2>&1 || ( /usr/bin/systemctl preset salt-$fname.service > /dev/null 2>&1 && @@ -6493,8 +6111,15 @@ install_arch_linux_git_post() { [ $fname = "minion" ] && [ "$_INSTALL_MINION" -eq $BS_FALSE ] && continue [ $fname = "syndic" ] && [ "$_INSTALL_SYNDIC" -eq $BS_FALSE ] && continue - if [ -f /usr/bin/systemctl ]; then - __copyfile "${_SALT_GIT_CHECKOUT_DIR}/pkg/rpm/salt-${fname}.service" "/lib/systemd/system/salt-${fname}.service" + # Account for new path for services files in later releases + if [ -f "${_SALT_GIT_CHECKOUT_DIR}/pkg/common/salt-${fname}.service" ]; then + _SERVICE_DIR="${_SALT_GIT_CHECKOUT_DIR}/pkg/common" + else + _SERVICE_DIR="${_SALT_GIT_CHECKOUT_DIR}/pkg/rpm" + fi + + if [ "$_SYSTEMD_FUNCTIONAL" -eq $BS_TRUE ]; then + __copyfile "${_SERVICE_DIR}/salt-${fname}.service" "/lib/systemd/system/salt-${fname}.service" # Skip salt-api since the service should be opt-in and not necessarily started on boot [ $fname = "api" ] && continue @@ -6515,7 +6140,7 @@ install_arch_linux_git_post() { } install_arch_linux_restart_daemons() { - [ $_START_DAEMONS -eq $BS_FALSE ] && return + [ "$_START_DAEMONS" -eq $BS_FALSE ] && return for fname in api master minion syndic; do # Skip salt-api since the service should be opt-in and not necessarily started on boot @@ -6526,7 +6151,7 @@ install_arch_linux_restart_daemons() { [ $fname = "minion" ] && [ "$_INSTALL_MINION" -eq $BS_FALSE ] && continue [ $fname = "syndic" ] && [ "$_INSTALL_SYNDIC" -eq $BS_FALSE ] && continue - if [ -f /usr/bin/systemctl ]; then + if [ "$_SYSTEMD_FUNCTIONAL" -eq $BS_TRUE ]; then /usr/bin/systemctl stop salt-$fname.service > /dev/null 2>&1 /usr/bin/systemctl start salt-$fname.service && continue echodebug "Failed to start salt-$fname using systemd" @@ -6542,7 +6167,7 @@ install_arch_linux_restart_daemons() { } install_arch_check_services() { - if [ ! -f /usr/bin/systemctl ]; then + if [ "$_SYSTEMD_FUNCTIONAL" -eq $BS_TRUE ]; then # Not running systemd!? Don't check! return 0 fi @@ -6561,6 +6186,18 @@ install_arch_check_services() { return 0 } + +install_arch_linux_onedir() { + install_arch_linux_stable || return 1 + + return 0 +} + +install_arch_linux_onedir_post() { + install_arch_linux_post || return 1 + + return 0 +} # # Ended Arch Install Functions # @@ -6568,260 +6205,292 @@ install_arch_check_services() { ####################################################################################################################### # -# FreeBSD Install Functions +# Photon OS Install Functions # -# Using a separate conf step to head for idempotent install... -__configure_freebsd_pkg_details() { - _SALT_ETC_DIR="/usr/local/etc/salt" - _PKI_DIR=${_SALT_ETC_DIR}/pki - _POST_NEON_PIP_INSTALL_ARGS="--prefix=/usr/local" -} +#--- FUNCTION ------------------------------------------------------------------------------------------------------- +# NAME: __rpm_get_packagesite_onedir_latest +# DESCRIPTION: Set _GENERIC_PKG_VERSION to the latest for RPM or latest for major version input +#---------------------------------------------------------------------------------------------------------------------- +__get_packagesite_onedir_latest() { -install_freebsd_deps() { - __configure_freebsd_pkg_details - pkg install -y pkg -} + echodebug "Find latest rpm release from repository" -install_freebsd_git_deps() { - install_freebsd_deps || return 1 + # get dir listing from url, sort and pick highest + generic_versions_tmpdir=$(mktemp -d) + curr_pwd=$(pwd) + cd ${generic_versions_tmpdir} || return 1 - if ! __check_command_exists git; then - /usr/local/sbin/pkg install -y git || return 1 + # leverage the windows directories since release Windows and Linux + wget -q -r -np -nH --exclude-directories=onedir,relenv,macos -x -l 1 "https://${_REPO_URL}/saltproject-generic/windows/" + if [ "$#" -gt 0 ] && [ -n "$1" ]; then + MAJOR_VER="$1" + # shellcheck disable=SC2010 + _GENERIC_PKG_VERSION=$(ls artifactory/saltproject-generic/windows/ | grep -v 'index.html' | sort -V -u | grep -E "$MAJOR_VER" | tail -n 1) + else + # shellcheck disable=SC2010 + _GENERIC_PKG_VERSION=$(ls artifactory/saltproject-generic/windows/ | grep -v 'index.html' | sort -V -u | tail -n 1) fi - __git_clone_and_checkout || return 1 + cd ${curr_pwd} || return "${_GENERIC_PKG_VERSION}" + rm -fR ${generic_versions_tmpdir} - if [ "${_POST_NEON_INSTALL}" -eq $BS_FALSE ]; then + echodebug "latest rpm release from repository found ${_GENERIC_PKG_VERSION}" - SALT_DEPENDENCIES=$(/usr/local/sbin/pkg rquery %dn py39-salt) - # shellcheck disable=SC2086 - /usr/local/sbin/pkg install -y ${SALT_DEPENDENCIES} python || return 1 +} - /usr/local/sbin/pkg install -y py39-requests || return 1 - /usr/local/sbin/pkg install -y py39-tornado4 || return 1 - else - /usr/local/sbin/pkg install -y python py39-pip py39-setuptools libzmq4 libunwind || return 1 - fi - - echodebug "Adapting paths to FreeBSD" - # The list of files was taken from Salt's BSD port Makefile - for file in doc/man/salt-key.1 doc/man/salt-cp.1 doc/man/salt-minion.1 \ - doc/man/salt-syndic.1 doc/man/salt-master.1 doc/man/salt-run.1 \ - doc/man/salt.7 doc/man/salt.1 doc/man/salt-call.1; do - [ ! -f $file ] && continue - echodebug "Patching ${file}" - sed -in -e "s|/etc/salt|${_SALT_ETC_DIR}|" \ - -e "s|/srv/salt|${_SALT_ETC_DIR}/states|" \ - -e "s|/srv/pillar|${_SALT_ETC_DIR}/pillar|" ${file} - done - if [ ! -f salt/syspaths.py ]; then - # We still can't provide the system paths, salt 0.16.x - # Let's patch salt's source and adapt paths to what's expected on FreeBSD - echodebug "Replacing occurrences of '/etc/salt' with ${_SALT_ETC_DIR}" - # The list of files was taken from Salt's BSD port Makefile - for file in conf/minion conf/master salt/config.py salt/client.py \ - salt/modules/mysql.py salt/utils/parsers.py salt/modules/tls.py \ - salt/modules/postgres.py salt/utils/migrations.py; do - [ ! -f $file ] && continue - echodebug "Patching ${file}" - sed -in -e "s|/etc/salt|${_SALT_ETC_DIR}|" \ - -e "s|/srv/salt|${_SALT_ETC_DIR}/states|" \ - -e "s|/srv/pillar|${_SALT_ETC_DIR}/pillar|" ${file} - done - fi - echodebug "Finished patching" +__install_saltstack_photon_onedir_repository() { + echodebug "__install_saltstack_photon_onedir_repository() entry" - # Let's trigger config_salt() - if [ "$_TEMP_CONFIG_DIR" = "null" ]; then - _TEMP_CONFIG_DIR="${_SALT_GIT_CHECKOUT_DIR}/conf/" - CONFIG_SALT_FUNC="config_salt" + if [ -n "$_PY_EXE" ] && [ "$_PY_MAJOR_VERSION" -ne 3 ]; then + echoerror "Python version is no longer supported, only Python 3" + return 1 + fi + if [ ! -s "$YUM_REPO_FILE" ] || [ "$_FORCE_OVERWRITE" -eq $BS_TRUE ]; then + ## Photon tdnf doesn't support config-manager + ## FETCH_URL="https://github.com/saltstack/salt-install-guide/releases/latest/download/salt.repo" + ## __fetch_url "${YUM_REPO_FILE}" "${FETCH_URL}" + # shellcheck disable=SC2129 + if [ "$ONEDIR_REV" != "latest" ]; then + # 3006.x is default, and latest for 3006.x branch + if [ "$(echo "$ONEDIR_REV" | grep -E '^(3006|3007)$')" != "" ]; then + # latest version for branch 3006 | 3007 + REPO_REV_MAJOR=$(echo "$ONEDIR_REV" | cut -d '.' -f 1) + if [ "$REPO_REV_MAJOR" -eq "3007" ]; then + # Enable the Salt 3007 STS repo + ## tdnf config-manager --set-disable salt-repo-* + ## tdnf config-manager --set-enabled salt-repo-3007-sts + echo "[salt-repo-3007-sts]" > "${YUM_REPO_FILE}" + echo "name=Salt Repo for Salt v3007 STS" >> "${YUM_REPO_FILE}" + echo "baseurl=https://${_REPO_URL}/saltproject-rpm/" >> "${YUM_REPO_FILE}" + echo "skip_if_unavailable=True" >> "${YUM_REPO_FILE}" + echo "priority=10" >> "${YUM_REPO_FILE}" + echo "enabled=1" >> "${YUM_REPO_FILE}" + echo "enabled_metadata=1" >> "${YUM_REPO_FILE}" + echo "gpgcheck=1" >> "${YUM_REPO_FILE}" + echo "exclude=*3006* *3008* *3009* *3010*" >> "${YUM_REPO_FILE}" + echo "gpgkey=https://${_REPO_URL}/api/security/keypair/SaltProjectKey/public" >> "${YUM_REPO_FILE}" + else + # Salt 3006 repo + echo "[salt-repo-3006-lts]" > "${YUM_REPO_FILE}" + echo "name=Salt Repo for Salt v3006 LTS" >> "${YUM_REPO_FILE}" + echo "baseurl=https://${_REPO_URL}/saltproject-rpm/" >> "${YUM_REPO_FILE}" + echo "skip_if_unavailable=True" >> "${YUM_REPO_FILE}" + echo "priority=10" >> "${YUM_REPO_FILE}" + echo "enabled=1" >> "${YUM_REPO_FILE}" + echo "enabled_metadata=1" >> "${YUM_REPO_FILE}" + echo "gpgcheck=1" >> "${YUM_REPO_FILE}" + echo "exclude=*3007* *3008* *3009* *3010*" >> "${YUM_REPO_FILE}" + echo "gpgkey=https://${_REPO_URL}/api/security/keypair/SaltProjectKey/public" >> "${YUM_REPO_FILE}" + fi + elif [ "$(echo "$ONEDIR_REV" | grep -E '^([3-9][0-5]{2}[6-9](\.[0-9]*)?)')" != "" ]; then + # using minor version + echo "[salt-repo-${ONEDIR_REV}-lts]" > "${YUM_REPO_FILE}" + echo "name=Salt Repo for Salt v${ONEDIR_REV} LTS" >> "${YUM_REPO_FILE}" + echo "baseurl=https://${_REPO_URL}/saltproject-rpm/" >> "${YUM_REPO_FILE}" + echo "skip_if_unavailable=True" >> "${YUM_REPO_FILE}" + echo "priority=10" >> "${YUM_REPO_FILE}" + echo "enabled=1" >> "${YUM_REPO_FILE}" + echo "enabled_metadata=1" >> "${YUM_REPO_FILE}" + echo "gpgcheck=1" >> "${YUM_REPO_FILE}" + echo "gpgkey=https://${_REPO_URL}/api/security/keypair/SaltProjectKey/public" >> "${YUM_REPO_FILE}" + fi + else + # Enable the Salt LATEST repo + ## tdnf config-manager --set-disable salt-repo-* + ## tdnf config-manager --set-enabled salt-repo-latest + echo "[salt-repo-latest]" > "${YUM_REPO_FILE}" + echo "name=Salt Repo for Salt LATEST release" >> "${YUM_REPO_FILE}" + echo "baseurl=https://${_REPO_URL}/saltproject-rpm/" >> "${YUM_REPO_FILE}" + echo "skip_if_unavailable=True" >> "${YUM_REPO_FILE}" + echo "priority=10" >> "${YUM_REPO_FILE}" + echo "enabled=1" >> "${YUM_REPO_FILE}" + echo "enabled_metadata=1" >> "${YUM_REPO_FILE}" + echo "gpgcheck=1" >> "${YUM_REPO_FILE}" + echo "gpgkey=https://${_REPO_URL}/api/security/keypair/SaltProjectKey/public" >> "${YUM_REPO_FILE}" + fi + tdnf makecache || return 1 + elif [ "$ONEDIR_REV" != "latest" ]; then + echowarn "salt.repo already exists, ignoring salt version argument." + echowarn "Use -F (forced overwrite) to install $ONEDIR_REV." fi return 0 } -install_freebsd_stable() { -# -# installing latest version of salt from FreeBSD CURRENT ports repo -# - # shellcheck disable=SC2086 - /usr/local/sbin/pkg install -y py39-salt || return 1 +install_photon_deps() { + echodebug "install_photon_deps() entry" - return 0 -} + if [ -n "$_PY_EXE" ] && [ "$_PY_MAJOR_VERSION" -ne 3 ]; then + echoerror "Python version is no longer supported, only Python 3" + return 1 + fi -install_freebsd_git() { + if [ "$_UPGRADE_SYS" -eq $BS_TRUE ]; then + tdnf -y update || return 1 + fi - # /usr/local/bin/python3 in FreeBSD is a symlink to /usr/local/bin/python3.7 - __PYTHON_PATH=$(readlink -f "$(command -v python3)") - __ESCAPED_PYTHON_PATH=$(echo "${__PYTHON_PATH}" | sed 's/\//\\\//g') + __PACKAGES="${__PACKAGES:=}" + PY_PKG_VER=3 - if [ "${_POST_NEON_INSTALL}" -eq $BS_TRUE ]; then - __install_salt_from_repo_post_neon "${__PYTHON_PATH}" || return 1 - for script in salt_api salt_master salt_minion salt_proxy salt_syndic; do - __fetch_url "/usr/local/etc/rc.d/${script}" "https://raw.githubusercontent.com/freebsd/freebsd-ports/master/sysutils/py-salt/files/${script}.in" || return 1 - sed -i '' 's/%%PREFIX%%/\/usr\/local/g' /usr/local/etc/rc.d/${script} - sed -i '' "s/%%PYTHON_CMD%%/${__ESCAPED_PYTHON_PATH}/g" /usr/local/etc/rc.d/${script} - chmod +x /usr/local/etc/rc.d/${script} || return 1 - done + __PACKAGES="${__PACKAGES} libyaml procps-ng python${PY_PKG_VER}-crypto python${PY_PKG_VER}-jinja2" + __PACKAGES="${__PACKAGES} python${PY_PKG_VER}-msgpack python${PY_PKG_VER}-requests python${PY_PKG_VER}-zmq" + __PACKAGES="${__PACKAGES} python${PY_PKG_VER}-pip python${PY_PKG_VER}-m2crypto python${PY_PKG_VER}-pyyaml" + __PACKAGES="${__PACKAGES} python${PY_PKG_VER}-systemd sudo shadow" - return 0 + if [ "${_EXTRA_PACKAGES}" != "" ]; then + echoinfo "Installing the following extra packages as requested: ${_EXTRA_PACKAGES}" fi - # Install from git - if [ ! -f salt/syspaths.py ]; then - # We still can't provide the system paths, salt 0.16.x - ${__PYTHON_PATH} setup.py ${SETUP_PY_INSTALL_ARGS} install || return 1 - else - ${__PYTHON_PATH} setup.py \ - --salt-root-dir=/ \ - --salt-config-dir="${_SALT_ETC_DIR}" \ - --salt-cache-dir="${_SALT_CACHE_DIR}" \ - --salt-sock-dir=/var/run/salt \ - --salt-srv-root-dir="${_SALT_ETC_DIR}" \ - --salt-base-file-roots-dir="${_SALT_ETC_DIR}/states" \ - --salt-base-pillar-roots-dir="${_SALT_ETC_DIR}/pillar" \ - --salt-base-master-roots-dir="${_SALT_ETC_DIR}/salt-master" \ - --salt-logs-dir=/var/log/salt \ - --salt-pidfile-dir=/var/run \ - ${SETUP_PY_INSTALL_ARGS} install \ - || return 1 - fi - - for script in salt_api salt_master salt_minion salt_proxy salt_syndic; do - __fetch_url "/usr/local/etc/rc.d/${script}" "https://raw.githubusercontent.com/freebsd/freebsd-ports/master/sysutils/py-salt/files/${script}.in" || return 1 - sed -i '' 's/%%PREFIX%%/\/usr\/local/g' /usr/local/etc/rc.d/${script} - sed -i '' "s/%%PYTHON_CMD%%/${__ESCAPED_PYTHON_PATH}/g" /usr/local/etc/rc.d/${script} - chmod +x /usr/local/etc/rc.d/${script} || return 1 - done + # shellcheck disable=SC2086 + __tdnf_install_noinput ${__PACKAGES} ${_EXTRA_PACKAGES} || return 1 - # And we're good to go return 0 } -install_freebsd_stable_post() { +install_photon_stable_post() { + echodebug "install_photon_stable_post() entry" + for fname in api master minion syndic; do # Skip salt-api since the service should be opt-in and not necessarily started on boot [ $fname = "api" ] && continue # Skip if not meant to be installed - [ $fname = "minion" ] && [ "$_INSTALL_MINION" -eq $BS_FALSE ] && continue [ $fname = "master" ] && [ "$_INSTALL_MASTER" -eq $BS_FALSE ] && continue + [ $fname = "minion" ] && [ "$_INSTALL_MINION" -eq $BS_FALSE ] && continue [ $fname = "syndic" ] && [ "$_INSTALL_SYNDIC" -eq $BS_FALSE ] && continue - enable_string="salt_${fname}_enable=YES" - grep "$enable_string" /etc/rc.conf >/dev/null 2>&1 - [ $? -eq 1 ] && sysrc $enable_string - + systemctl is-enabled salt-$fname.service || (systemctl preset salt-$fname.service && systemctl enable salt-$fname.service) + sleep 1 + systemctl daemon-reload done } -install_freebsd_git_post() { - install_freebsd_stable_post || return 1 - return 0 -} +install_photon_git_deps() { + echodebug "install_photon_git_deps() entry" -install_freebsd_restart_daemons() { - [ $_START_DAEMONS -eq $BS_FALSE ] && return + if [ -n "$_PY_EXE" ] && [ "$_PY_MAJOR_VERSION" -ne 3 ]; then + echoerror "Python version is no longer supported, only Python 3" + return 1 + fi - for fname in api master minion syndic; do - # Skip salt-api since the service should be opt-in and not necessarily started on boot - [ $fname = "api" ] && continue + # Packages are named python3- + PY_PKG_VER=3 - # Skip if not meant to be installed - [ $fname = "master" ] && [ "$_INSTALL_MASTER" -eq $BS_FALSE ] && continue - [ $fname = "minion" ] && [ "$_INSTALL_MINION" -eq $BS_FALSE ] && continue - [ $fname = "syndic" ] && [ "$_INSTALL_SYNDIC" -eq $BS_FALSE ] && continue + __PACKAGES="" + if ! __check_command_exists ps; then + __PACKAGES="${__PACKAGES} procps-ng" + fi - service salt_$fname stop > /dev/null 2>&1 - service salt_$fname start - done -} -# -# Ended FreeBSD Install Functions -# -####################################################################################################################### + if ! __check_command_exists git; then + __PACKAGES="${__PACKAGES} git" + fi -####################################################################################################################### -# -# OpenBSD Install Functions -# + if ! __check_command_exists sudo; then + __PACKAGES="${__PACKAGES} sudo" + fi -install_openbsd_deps() { - if [ $_DISABLE_REPOS -eq $BS_FALSE ]; then - OPENBSD_REPO='https://cdn.openbsd.org/pub/OpenBSD' - echoinfo "setting package repository to $OPENBSD_REPO" - echo "${OPENBSD_REPO}" >/etc/installurl || return 1 + if ! __check_command_exists usermod; then + __PACKAGES="${__PACKAGES} shadow" fi - if [ "${_EXTRA_PACKAGES}" != "" ]; then - echoinfo "Installing the following extra packages as requested: ${_EXTRA_PACKAGES}" + if [ -n "${__PACKAGES}" ]; then # shellcheck disable=SC2086 - pkg_add -I -v ${_EXTRA_PACKAGES} || return 1 + __tdnf_install_noinput ${__PACKAGES} || return 1 + __PACKAGES="" fi - return 0 -} -install_openbsd_git_deps() { - install_openbsd_deps || return 1 + # shellcheck disable=SC2119 + __git_clone_and_checkout || return 1 - if ! __check_command_exists git; then - pkg_add -I -v git || return 1 + __PACKAGES="python${PY_PKG_VER}-devel python${PY_PKG_VER}-pip python${PY_PKG_VER}-setuptools gcc glibc-devel linux-devel.x86_64 cython${PY_PKG_VER}" + + echodebug "install_photon_git_deps() distro major version, ${DISTRO_MAJOR_VERSION}" + + ## Photon 5 container is missing systemd on default installation + if [ "${DISTRO_MAJOR_VERSION}" -lt 5 ]; then + __PACKAGES="${__PACKAGES} python${PY_PKG_VER}-tornado" fi - __git_clone_and_checkout || return 1 - if [ "${_POST_NEON_INSTALL}" -eq $BS_TRUE ]; then - pkg_add -I -v py3-pip py3-setuptools + # shellcheck disable=SC2086 + __tdnf_install_noinput ${__PACKAGES} || return 1 + + if [ "${DISTRO_MAJOR_VERSION}" -gt 3 ]; then + # Need newer version of setuptools on Photon + _setuptools_dep="setuptools>=${_MINIMUM_SETUPTOOLS_VERSION},<${_MAXIMUM_SETUPTOOLS_VERSION}" + echodebug "Running '${_PY_EXE} -m pip install --upgrade ${_setuptools_dep}'" + ${_PY_EXE} -m pip install --upgrade "${_setuptools_dep}" fi - # # Let's trigger config_salt() - # if [ "$_TEMP_CONFIG_DIR" = "null" ]; then - _TEMP_CONFIG_DIR="${_SALT_GIT_CHECKOUT_DIR}/conf/" + _TEMP_CONFIG_DIR="${_SALT_GIT_CHECKOUT_DIR}/conf" CONFIG_SALT_FUNC="config_salt" fi return 0 } -install_openbsd_git() { - # - # Install from git - # - if [ "${_POST_NEON_INSTALL}" -eq $BS_TRUE ]; then - __install_salt_from_repo_post_neon "${_PY_EXE}" || return 1 - return 0 +install_photon_git() { + echodebug "install_photon_git() entry" + + if [ "${_PY_EXE}" != "" ]; then + _PYEXE=${_PY_EXE} + echoinfo "Using the following python version: ${_PY_EXE} to install salt" + else + echoerror "Python 2 is no longer supported, only Python 3" + return 1 fi - if [ ! -f salt/syspaths.py ]; then - # We still can't provide the system paths, salt 0.16.x - /usr/local/bin/python2.7 setup.py ${SETUP_PY_INSTALL_ARGS} install || return 1 + install_photon_git_deps + + if [ -f "${_SALT_GIT_CHECKOUT_DIR}/salt/syspaths.py" ]; then + ${_PYEXE} setup.py --salt-config-dir="$_SALT_ETC_DIR" --salt-cache-dir="${_SALT_CACHE_DIR}" ${SETUP_PY_INSTALL_ARGS} install --prefix=/usr || return 1 + else + ${_PYEXE} setup.py ${SETUP_PY_INSTALL_ARGS} install --prefix=/usr || return 1 fi return 0 } -install_openbsd_stable() { - pkg_add -r -I -v salt || return 1 - return 0 -} +install_photon_git_post() { + echodebug "install_photon_git_post() entry" -install_openbsd_post() { for fname in api master minion syndic; do - [ $fname = "api" ] && continue - [ $fname = "minion" ] && [ "$_INSTALL_MINION" -eq $BS_FALSE ] && continue + # Skip if not meant to be installed + [ $fname = "api" ] && \ + ([ "$_INSTALL_MASTER" -eq $BS_FALSE ] || ! __check_command_exists "salt-${fname}") && continue [ $fname = "master" ] && [ "$_INSTALL_MASTER" -eq $BS_FALSE ] && continue + [ $fname = "minion" ] && [ "$_INSTALL_MINION" -eq $BS_FALSE ] && continue [ $fname = "syndic" ] && [ "$_INSTALL_SYNDIC" -eq $BS_FALSE ] && continue - rcctl enable salt_$fname - done + # Account for new path for services files in later releases + if [ -f "${_SALT_GIT_CHECKOUT_DIR}/pkg/common/salt-${fname}.service" ]; then + _SERVICE_DIR="${_SALT_GIT_CHECKOUT_DIR}/pkg/common" + else + _SERVICE_DIR="${_SALT_GIT_CHECKOUT_DIR}/pkg/rpm" + fi + __copyfile "${_SERVICE_DIR}/salt-${fname}.service" "/lib/systemd/system/salt-${fname}.service" - return 0 + # Salt executables are located under `/usr/local/bin/` on Fedora 36+ + #if [ "${DISTRO_VERSION}" -ge 36 ]; then + # sed -i -e 's:/usr/bin/:/usr/local/bin/:g' /lib/systemd/system/salt-*.service + #fi + + # Skip salt-api since the service should be opt-in and not necessarily started on boot + [ $fname = "api" ] && continue + + systemctl is-enabled salt-$fname.service || (systemctl preset salt-$fname.service && systemctl enable salt-$fname.service) + sleep 1 + systemctl daemon-reload + done } -install_openbsd_check_services() { +install_photon_restart_daemons() { + [ "$_START_DAEMONS" -eq $BS_FALSE ] && return + echodebug "install_photon_restart_daemons() entry" + + for fname in api master minion syndic; do # Skip salt-api since the service should be opt-in and not necessarily started on boot [ $fname = "api" ] && continue @@ -6829,18 +6498,20 @@ install_openbsd_check_services() { # Skip if not meant to be installed [ $fname = "master" ] && [ "$_INSTALL_MASTER" -eq $BS_FALSE ] && continue [ $fname = "minion" ] && [ "$_INSTALL_MINION" -eq $BS_FALSE ] && continue - [ $fname = "syndic" ] && continue + [ $fname = "syndic" ] && [ "$_INSTALL_SYNDIC" -eq $BS_FALSE ] && continue - if [ -f /etc/rc.d/salt_${fname} ]; then - __check_services_openbsd salt_${fname} || return 1 + systemctl stop salt-$fname > /dev/null 2>&1 + systemctl start salt-$fname.service && continue + echodebug "Failed to start salt-$fname using systemd" + if [ "$_ECHO_DEBUG" -eq $BS_TRUE ]; then + systemctl status salt-$fname.service + journalctl -xe fi done - - return 0 } -install_openbsd_restart_daemons() { - [ $_START_DAEMONS -eq $BS_FALSE ] && return +install_photon_check_services() { + echodebug "install_photon_check_services() entry" for fname in api master minion syndic; do # Skip salt-api since the service should be opt-in and not necessarily started on boot @@ -6851,217 +6522,110 @@ install_openbsd_restart_daemons() { [ $fname = "minion" ] && [ "$_INSTALL_MINION" -eq $BS_FALSE ] && continue [ $fname = "syndic" ] && [ "$_INSTALL_SYNDIC" -eq $BS_FALSE ] && continue - rcctl restart salt_${fname} + __check_services_systemd salt-$fname || return 1 done return 0 -} - -# -# Ended OpenBSD Install Functions -# -####################################################################################################################### - -####################################################################################################################### -# -# SmartOS Install Functions -# -install_smartos_deps() { - smartos_deps="$(pkgin show-deps salt | grep '^\s' | grep -v '\snot' | xargs) py27-m2crypto" - pkgin -y install "${smartos_deps}" || return 1 - - # Set _SALT_ETC_DIR to SmartOS default if they didn't specify - _SALT_ETC_DIR=${BS_SALT_ETC_DIR:-/opt/local/etc/salt} - # We also need to redefine the PKI directory - _PKI_DIR=${_SALT_ETC_DIR}/pki - - # Let's trigger config_salt() - if [ "$_TEMP_CONFIG_DIR" = "null" ]; then - # Let's set the configuration directory to /tmp - _TEMP_CONFIG_DIR="/tmp" - CONFIG_SALT_FUNC="config_salt" - - # Let's download, since they were not provided, the default configuration files - if [ ! -f "$_SALT_ETC_DIR/minion" ] && [ ! -f "$_TEMP_CONFIG_DIR/minion" ]; then - # shellcheck disable=SC2086 - curl $_CURL_ARGS -s -o "$_TEMP_CONFIG_DIR/minion" -L \ - https://raw.githubusercontent.com/saltstack/salt/master/conf/minion || return 1 - fi - if [ ! -f "$_SALT_ETC_DIR/master" ] && [ ! -f $_TEMP_CONFIG_DIR/master ]; then - # shellcheck disable=SC2086 - curl $_CURL_ARGS -s -o "$_TEMP_CONFIG_DIR/master" -L \ - https://raw.githubusercontent.com/saltstack/salt/master/conf/master || return 1 - fi - fi - - if [ "$_INSTALL_CLOUD" -eq $BS_TRUE ]; then - pkgin -y install py27-apache-libcloud || return 1 - fi - - if [ "${_EXTRA_PACKAGES}" != "" ]; then - echoinfo "Installing the following extra packages as requested: ${_EXTRA_PACKAGES}" - # shellcheck disable=SC2086 - pkgin -y install ${_EXTRA_PACKAGES} || return 1 - fi - - return 0 -} - -install_smartos_git_deps() { - install_smartos_deps || return 1 - - if ! __check_command_exists git; then - pkgin -y install git || return 1 - fi - - __git_clone_and_checkout || return 1 - - if [ "${_POST_NEON_INSTALL}" -eq $BS_FALSE ]; then +} - if [ -f "${_SALT_GIT_CHECKOUT_DIR}/requirements/base.txt" ]; then - # Install whichever tornado is in the requirements file - __REQUIRED_TORNADO="$(grep tornado "${_SALT_GIT_CHECKOUT_DIR}/requirements/base.txt")" - __check_pip_allowed "You need to allow pip based installations (-P) in order to install the python package '${__REQUIRED_TORNADO}'" +install_photon_onedir_deps() { + echodebug "install_photon_onedir_deps() entry" - # Install whichever futures is in the requirements file - __REQUIRED_FUTURES="$(grep futures "${_SALT_GIT_CHECKOUT_DIR}/requirements/base.txt")" - __check_pip_allowed "You need to allow pip based installations (-P) in order to install the python package '${__REQUIRED_FUTURES}'" - if [ "${__REQUIRED_TORNADO}" != "" ]; then - if ! __check_command_exists pip; then - pkgin -y install py27-pip - fi - pip install -U "${__REQUIRED_TORNADO}" - fi + if [ "$_UPGRADE_SYS" -eq $BS_TRUE ]; then + tdnf -y update || return 1 + fi - if [ "${__REQUIRED_FUTURES}" != "" ]; then - if ! __check_command_exists pip; then - pkgin -y install py27-pip - fi - pip install -U "${__REQUIRED_FUTURES}" - fi - fi - else - if ! __check_command_exists pip; then - pkgin -y install py27-pip - fi - pkgin -y install py27-setuptools + if [ "$_DISABLE_REPOS" -eq "$BS_TRUE" ] && [ -n "$_PY_EXE" ] && [ "$_PY_MAJOR_VERSION" -eq 3 ]; then + echowarn "Detected -r or -R option while installing Salt packages for Python 3." + echowarn "Python 3 packages for older Salt releases requires the EPEL repository to be installed." + echowarn "Installing the EPEL repository automatically is disabled when using the -r or -R options." fi - # Let's trigger config_salt() - if [ "$_TEMP_CONFIG_DIR" = "null" ]; then - _TEMP_CONFIG_DIR="${_SALT_GIT_CHECKOUT_DIR}/conf/" - CONFIG_SALT_FUNC="config_salt" + if [ "$_DISABLE_REPOS" -eq "$BS_FALSE" ]; then + __install_saltstack_photon_onedir_repository || return 1 fi - return 0 -} + # If -R was passed, we need to configure custom repo url with rsync-ed packages + # Which was handled in __install_saltstack_rhel_repository buu that hanlded old-stable which is for + # releases which are End-Of-Life. This call has its own check in case -r was passed without -R. + if [ "$_CUSTOM_REPO_URL" != "null" ]; then + __install_saltstack_photon_onedir_repository || return 1 + fi -install_smartos_stable() { - pkgin -y install salt || return 1 - return 0 -} + __PACKAGES="procps-ng sudo shadow" -install_smartos_git() { + # shellcheck disable=SC2086 + __tdnf_install_noinput ${__PACKAGES} || return 1 - if [ "${_POST_NEON_INSTALL}" -eq $BS_TRUE ]; then - __install_salt_from_repo_post_neon "${_PY_EXE}" || return 1 - return 0 + if [ "${_EXTRA_PACKAGES}" != "" ]; then + echoinfo "Installing the following extra packages as requested: ${_EXTRA_PACKAGES}" + # shellcheck disable=SC2086 + __tdnf_install_noinput ${_EXTRA_PACKAGES} || return 1 fi - # Use setuptools in order to also install dependencies - # lets force our config path on the setup for now, since salt/syspaths.py only got fixed in 2015.5.0 - USE_SETUPTOOLS=1 /opt/local/bin/python setup.py --salt-config-dir="$_SALT_ETC_DIR" --salt-cache-dir="${_SALT_CACHE_DIR}" ${SETUP_PY_INSTALL_ARGS} install || return 1 return 0 -} -install_smartos_post() { - smf_dir="/opt/custom/smf" +} - # Install manifest files if needed. - for fname in api master minion syndic; do - # Skip if not meant to be installed - [ $fname = "api" ] && \ - ([ "$_INSTALL_MASTER" -eq $BS_FALSE ] || ! __check_command_exists "salt-${fname}") && continue - [ $fname = "master" ] && [ "$_INSTALL_MASTER" -eq $BS_FALSE ] && continue - [ $fname = "minion" ] && [ "$_INSTALL_MINION" -eq $BS_FALSE ] && continue - [ $fname = "syndic" ] && [ "$_INSTALL_SYNDIC" -eq $BS_FALSE ] && continue - svcs network/salt-$fname > /dev/null 2>&1 - if [ $? -eq 1 ]; then - if [ ! -f "$_TEMP_CONFIG_DIR/salt-$fname.xml" ]; then - # shellcheck disable=SC2086 - curl $_CURL_ARGS -s -o "$_TEMP_CONFIG_DIR/salt-$fname.xml" -L \ - "https://raw.githubusercontent.com/saltstack/salt/master/pkg/smartos/salt-$fname.xml" - fi - svccfg import "$_TEMP_CONFIG_DIR/salt-$fname.xml" - if [ "${VIRTUAL_TYPE}" = "global" ]; then - if [ ! -d "$smf_dir" ]; then - mkdir -p "$smf_dir" || return 1 - fi - if [ ! -f "$smf_dir/salt-$fname.xml" ]; then - __copyfile "$_TEMP_CONFIG_DIR/salt-$fname.xml" "$smf_dir/" || return 1 - fi - fi - fi - done +install_photon_onedir() { - return 0 -} + echodebug "install_photon_onedir() entry" -install_smartos_git_post() { - smf_dir="/opt/custom/smf" + STABLE_REV=$ONEDIR_REV + _GENERIC_PKG_VERSION="" - # Install manifest files if needed. - for fname in api master minion syndic; do - # Skip if not meant to be installed - [ $fname = "api" ] && \ - ([ "$_INSTALL_MASTER" -eq $BS_FALSE ] || ! __check_command_exists "salt-${fname}") && continue - [ $fname = "master" ] && [ "$_INSTALL_MASTER" -eq $BS_FALSE ] && continue - [ $fname = "minion" ] && [ "$_INSTALL_MINION" -eq $BS_FALSE ] && continue - [ $fname = "syndic" ] && [ "$_INSTALL_SYNDIC" -eq $BS_FALSE ] && continue + if [ "$(echo "$STABLE_REV" | grep -E '^(3006|3007)$')" != "" ]; then + # Major version Salt, config and repo already setup + __get_packagesite_onedir_latest "$STABLE_REV" + MINOR_VER_STRG="-$_GENERIC_PKG_VERSION" + elif [ "$(echo "$STABLE_REV" | grep -E '^([3-9][0-5]{2}[6-9](\.[0-9]*)?)')" != "" ]; then + # Minor version Salt, need to add specific minor version + MINOR_VER_STRG="-$STABLE_REV" + else + # default to latest version Salt, config and repo already setup + __get_packagesite_onedir_latest + MINOR_VER_STRG="-$_GENERIC_PKG_VERSION" + fi - svcs "network/salt-$fname" > /dev/null 2>&1 - if [ $? -eq 1 ]; then - svccfg import "${_SALT_GIT_CHECKOUT_DIR}/pkg/smartos/salt-$fname.xml" - if [ "${VIRTUAL_TYPE}" = "global" ]; then - if [ ! -d $smf_dir ]; then - mkdir -p "$smf_dir" - fi - if [ ! -f "$smf_dir/salt-$fname.xml" ]; then - __copyfile "${_SALT_GIT_CHECKOUT_DIR}/pkg/smartos/salt-$fname.xml" "$smf_dir/" - fi - fi - fi - done + __PACKAGES="" - return 0 -} + if [ "$_INSTALL_CLOUD" -eq $BS_TRUE ];then + __PACKAGES="${__PACKAGES} salt-cloud$MINOR_VER_STRG" + fi + if [ "$_INSTALL_MASTER" -eq $BS_TRUE ];then + __PACKAGES="${__PACKAGES} salt-master$MINOR_VER_STRG" + fi + if [ "$_INSTALL_MINION" -eq $BS_TRUE ]; then + __PACKAGES="${__PACKAGES} salt-minion$MINOR_VER_STRG" + fi + if [ "$_INSTALL_SYNDIC" -eq $BS_TRUE ];then + __PACKAGES="${__PACKAGES} salt-syndic$MINOR_VER_STRG" + fi -install_smartos_restart_daemons() { - [ $_START_DAEMONS -eq $BS_FALSE ] && return + if [ "$_INSTALL_SALT_API" -eq $BS_TRUE ]; then + __PACKAGES="${__PACKAGES} salt-api$MINOR_VER_STRG" + fi - for fname in api master minion syndic; do - # Skip salt-api since the service should be opt-in and not necessarily started on boot - [ $fname = "api" ] && continue + # shellcheck disable=SC2086 + __tdnf_install_noinput ${__PACKAGES} || return 1 - # Skip if not meant to be installed - [ $fname = "master" ] && [ "$_INSTALL_MASTER" -eq $BS_FALSE ] && continue - [ $fname = "minion" ] && [ "$_INSTALL_MINION" -eq $BS_FALSE ] && continue - [ $fname = "syndic" ] && [ "$_INSTALL_SYNDIC" -eq $BS_FALSE ] && continue + return 0 +} - # Stop if running && Start service - svcadm disable salt-$fname > /dev/null 2>&1 - svcadm enable salt-$fname - done +install_photon_onedir_post() { + STABLE_REV=$ONEDIR_REV + install_photon_stable_post || return 1 return 0 } # -# Ended SmartOS Install Functions +# Ended Fedora Install Functions # ####################################################################################################################### + ####################################################################################################################### # # openSUSE Install Functions. @@ -7081,13 +6645,8 @@ __set_suse_pkg_repo() { DISTRO_REPO="SLE_${DISTRO_MAJOR_VERSION}_SP${SUSE_PATCHLEVEL}" fi - if [ "$_DOWNSTREAM_PKG_REPO" -eq $BS_TRUE ]; then - suse_pkg_url_base="https://download.opensuse.org/repositories/systemsmanagement:/saltstack" - suse_pkg_url_path="${DISTRO_REPO}/systemsmanagement:saltstack.repo" - else - suse_pkg_url_base="${HTTP_VAL}://repo.saltproject.io/opensuse" - suse_pkg_url_path="${DISTRO_REPO}/systemsmanagement:saltstack:products.repo" - fi + suse_pkg_url_base="https://download.opensuse.org/repositories/systemsmanagement:/saltstack" + suse_pkg_url_path="${DISTRO_REPO}/systemsmanagement:saltstack.repo" SUSE_PKG_URL="$suse_pkg_url_base/$suse_pkg_url_path" } @@ -7107,7 +6666,7 @@ __version_lte() { zypper --non-interactive install --auto-agree-with-licenses python || return 1 fi - if [ "$(python -c 'import sys; V1=tuple([int(i) for i in sys.argv[1].split(".")]); V2=tuple([int(i) for i in sys.argv[2].split(".")]); print V1<=V2' "$1" "$2")" = "True" ]; then + if [ "$(${_PY_EXE} -c 'import sys; V1=tuple([int(i) for i in sys.argv[1].split(".")]); V2=tuple([int(i) for i in sys.argv[2].split(".")]); print(V1<=V2)' "$1" "$2")" = "True" ]; then __ZYPPER_REQUIRES_REPLACE_FILES=${BS_TRUE} else __ZYPPER_REQUIRES_REPLACE_FILES=${BS_FALSE} @@ -7147,7 +6706,7 @@ __zypper_install() { __opensuse_prep_install() { # DRY function for common installation preparatory steps for SUSE - if [ $_DISABLE_REPOS -eq $BS_FALSE ]; then + if [ "$_DISABLE_REPOS" -eq $BS_FALSE ]; then # Is the repository already known __set_suse_pkg_repo # Check zypper repos and refresh if necessary @@ -7179,7 +6738,7 @@ install_opensuse_stable_deps() { # YAML module is used for generating custom master/minion configs # requests is still used by many salt modules # Salt needs python-zypp installed in order to use the zypper module - __PACKAGES="python-PyYAML python-requests python-zypp" + __PACKAGES="python${PY_PKG_VER}-PyYAML python${PY_PKG_VER}-requests python${PY_PKG_VER}-zypp" # shellcheck disable=SC2086 __zypper_install ${__PACKAGES} || return 1 @@ -7204,29 +6763,14 @@ install_opensuse_git_deps() { __zypper_install git || return 1 fi + # shellcheck disable=SC2119 __git_clone_and_checkout || return 1 - if [ "${_POST_NEON_INSTALL}" -eq $BS_FALSE ]; then - __zypper_install patch || return 1 - - __PACKAGES="libzmq5 python-Jinja2 python-m2crypto python-msgpack-python python-pycrypto python-pyzmq python-xml python-futures" - - if [ -f "${_SALT_GIT_CHECKOUT_DIR}/requirements/base.txt" ]; then - # We're on the master branch, install whichever tornado is on the requirements file - __REQUIRED_TORNADO="$(grep tornado "${_SALT_GIT_CHECKOUT_DIR}/requirements/base.txt")" - if [ "${__REQUIRED_TORNADO}" != "" ]; then - __PACKAGES="${__PACKAGES} python-tornado" - fi - fi - - if [ "$_INSTALL_CLOUD" -eq $BS_TRUE ]; then - __PACKAGES="${__PACKAGES} python-apache-libcloud" - fi # Check for Tumbleweed - elif [ "${DISTRO_MAJOR_VERSION}" -ge 20210101 ]; then - __PACKAGES="python3-pip gcc-c++ python310-pyzmq-devel" + if [ "${DISTRO_MAJOR_VERSION}" -ge 20210101 ]; then + __PACKAGES="python3-pip gcc-c++ python3-pyzmq-devel" else - __PACKAGES="python-pip python-setuptools gcc" + __PACKAGES="python3-pip python3-setuptools gcc" fi # shellcheck disable=SC2086 @@ -7234,27 +6778,45 @@ install_opensuse_git_deps() { # Let's trigger config_salt() if [ "$_TEMP_CONFIG_DIR" = "null" ]; then - _TEMP_CONFIG_DIR="${_SALT_GIT_CHECKOUT_DIR}/conf/" + _TEMP_CONFIG_DIR="${_SALT_GIT_CHECKOUT_DIR}/conf" CONFIG_SALT_FUNC="config_salt" fi return 0 } +install_opensuse_onedir_deps() { + install_opensuse_stable_deps || return 1 +} + install_opensuse_stable() { + if [ "$(echo "$STABLE_REV" | grep -E '^(3006|3007)$')" != "" ]; then + # Major version Salt, config and repo already setup + MINOR_VER_STRG="" + elif [ "$(echo "$STABLE_REV" | grep -E '^([3-9][0-5]{2}[6-9](\.[0-9]*)?)')" != "" ]; then + # Minor version Salt, need to add specific minor version + MINOR_VER_STRG="-$STABLE_REV" + else + MINOR_VER_STRG="" + fi + __PACKAGES="" if [ "$_INSTALL_CLOUD" -eq $BS_TRUE ];then - __PACKAGES="${__PACKAGES} salt-cloud" + __PACKAGES="${__PACKAGES} salt-cloud$MINOR_VER_STRG" fi if [ "$_INSTALL_MASTER" -eq $BS_TRUE ]; then - __PACKAGES="${__PACKAGES} salt-master" + __PACKAGES="${__PACKAGES} salt-master$MINOR_VER_STRG" fi if [ "$_INSTALL_MINION" -eq $BS_TRUE ]; then - __PACKAGES="${__PACKAGES} salt-minion" + __PACKAGES="${__PACKAGES} salt-minion$MINOR_VER_STRG" fi if [ "$_INSTALL_SYNDIC" -eq $BS_TRUE ]; then - __PACKAGES="${__PACKAGES} salt-syndic" + __PACKAGES="${__PACKAGES} salt-syndic$MINOR_VER_STRG" + fi + + if [ "$_INSTALL_SALT_API" -eq $BS_TRUE ]; then + __PACKAGES="${__PACKAGES} salt-api$MINOR_VER_STRG" fi # shellcheck disable=SC2086 @@ -7264,15 +6826,14 @@ install_opensuse_stable() { } install_opensuse_git() { - if [ "${_POST_NEON_INSTALL}" -eq $BS_TRUE ]; then - __install_salt_from_repo_post_neon "${_PY_EXE}" || return 1 - return 0 - fi - - python setup.py ${SETUP_PY_INSTALL_ARGS} install --prefix=/usr || return 1 + __install_salt_from_repo "${_PY_EXE}" || return 1 return 0 } +install_opensuse_onedir() { + install_opensuse_stable || return 1 +} + install_opensuse_stable_post() { for fname in api master minion syndic; do # Skip salt-api since the service should be opt-in and not necessarily started on boot @@ -7283,7 +6844,7 @@ install_opensuse_stable_post() { [ $fname = "minion" ] && [ "$_INSTALL_MINION" -eq $BS_FALSE ] && continue [ $fname = "syndic" ] && [ "$_INSTALL_SYNDIC" -eq $BS_FALSE ] && continue - if [ -f /bin/systemctl ] || [ -f /usr/bin/systemctl ]; then + if [ "$_SYSTEMD_FUNCTIONAL" -eq $BS_TRUE ]; then systemctl is-enabled salt-$fname.service || (systemctl preset salt-$fname.service && systemctl enable salt-$fname.service) sleep 1 systemctl daemon-reload @@ -7306,7 +6867,7 @@ install_opensuse_git_post() { [ $fname = "minion" ] && [ "$_INSTALL_MINION" -eq $BS_FALSE ] && continue [ $fname = "syndic" ] && [ "$_INSTALL_SYNDIC" -eq $BS_FALSE ] && continue - if command -v systemctl; then + if [ "$_SYSTEMD_FUNCTIONAL" -eq $BS_TRUE ]; then use_usr_lib=$BS_FALSE if [ "${DISTRO_MAJOR_VERSION}" -ge 15 ]; then @@ -7317,10 +6878,17 @@ install_opensuse_git_post() { use_usr_lib=$BS_TRUE fi + # Account for new path for services files in later releases + if [ -f "${_SALT_GIT_CHECKOUT_DIR}/pkg/common/salt-${fname}.service" ]; then + _SERVICE_DIR="${_SALT_GIT_CHECKOUT_DIR}/pkg/common" + else + _SERVICE_DIR="${_SALT_GIT_CHECKOUT_DIR}/pkg/" + fi + if [ "${use_usr_lib}" -eq $BS_TRUE ]; then - __copyfile "${_SALT_GIT_CHECKOUT_DIR}/pkg/salt-${fname}.service" "/usr/lib/systemd/system/salt-${fname}.service" + __copyfile "${_SERVICE_DIR}/salt-${fname}.service" "/usr/lib/systemd/system/salt-${fname}.service" else - __copyfile "${_SALT_GIT_CHECKOUT_DIR}/pkg/salt-${fname}.service" "/lib/systemd/system/salt-${fname}.service" + __copyfile "${_SERVICE_DIR}/salt-${fname}.service" "/lib/systemd/system/salt-${fname}.service" fi continue @@ -7335,8 +6903,12 @@ install_opensuse_git_post() { return 0 } +install_opensuse_onedir_post() { + install_opensuse_stable_post || return 1 +} + install_opensuse_restart_daemons() { - [ $_START_DAEMONS -eq $BS_FALSE ] && return + [ "$_START_DAEMONS" -eq $BS_FALSE ] && return for fname in api master minion syndic; do # Skip salt-api since the service should be opt-in and not necessarily started on boot @@ -7347,7 +6919,7 @@ install_opensuse_restart_daemons() { [ $fname = "minion" ] && [ "$_INSTALL_MINION" -eq $BS_FALSE ] && continue [ $fname = "syndic" ] && [ "$_INSTALL_SYNDIC" -eq $BS_FALSE ] && continue - if [ -f /bin/systemctl ]; then + if [ "$_SYSTEMD_FUNCTIONAL" -eq $BS_TRUE ]; then systemctl stop salt-$fname > /dev/null 2>&1 systemctl start salt-$fname.service && continue echodebug "Failed to start salt-$fname using systemd" @@ -7363,221 +6935,53 @@ install_opensuse_restart_daemons() { } install_opensuse_check_services() { - if [ ! -f /bin/systemctl ]; then + if [ "$_SYSTEMD_FUNCTIONAL" -eq $BS_TRUE ]; then # Not running systemd!? Don't check! return 0 fi - for fname in api master minion syndic; do - # Skip salt-api since the service should be opt-in and not necessarily started on boot - [ $fname = "api" ] && continue - - # Skip if not meant to be installed - [ $fname = "master" ] && [ "$_INSTALL_MASTER" -eq $BS_FALSE ] && continue - [ $fname = "minion" ] && [ "$_INSTALL_MINION" -eq $BS_FALSE ] && continue - [ $fname = "syndic" ] && [ "$_INSTALL_SYNDIC" -eq $BS_FALSE ] && continue - - __check_services_systemd salt-$fname > /dev/null 2>&1 || __check_services_systemd salt-$fname.service > /dev/null 2>&1 || return 1 - done - - return 0 -} -# -# End of openSUSE Install Functions. -# -####################################################################################################################### - -####################################################################################################################### -# -# openSUSE Leap 15 -# - -install_opensuse_15_stable_deps() { - __opensuse_prep_install || return 1 - - # SUSE only packages Salt for Python 3 on Leap 15 - # Py3 is the default bootstrap install for Leap 15 - # However, git installs might specify "-x python2" - if [ -n "$_PY_EXE" ] && [ "$_PY_MAJOR_VERSION" -eq 2 ]; then - PY_PKG_VER=2 - else - PY_PKG_VER=3 - fi - - # YAML module is used for generating custom master/minion configs - # requests is still used by many salt modules - __PACKAGES="python${PY_PKG_VER}-PyYAML python${PY_PKG_VER}-requests" - - # shellcheck disable=SC2086 - __zypper_install ${__PACKAGES} || return 1 - - if [ "${_EXTRA_PACKAGES}" != "" ]; then - echoinfo "Installing the following extra packages as requested: ${_EXTRA_PACKAGES}" - # shellcheck disable=SC2086 - __zypper_install ${_EXTRA_PACKAGES} || return 1 - fi - - return 0 -} - -install_opensuse_15_git_deps() { - install_opensuse_15_stable_deps || return 1 - - if ! __check_command_exists git; then - __zypper_install git || return 1 - fi - - __git_clone_and_checkout || return 1 - - if [ -n "$_PY_EXE" ] && [ "$_PY_MAJOR_VERSION" -eq 2 ]; then - PY_PKG_VER=2 - else - PY_PKG_VER=3 - fi - - __PACKAGES="python${PY_PKG_VER}-xml" - - if [ "${_POST_NEON_INSTALL}" -eq $BS_FALSE ]; then - - # Py3 is the default bootstrap install for Leap 15 - # However, git installs might specify "-x python2" - if [ -n "$_PY_EXE" ] && [ "$_PY_MAJOR_VERSION" -eq 2 ]; then - # This is required by some of the python2 packages below - __PACKAGES="${__PACKAGES} libpython2_7-1_0 python2-futures python-ipaddress" - fi - - __PACKAGES="${__PACKAGES} libzmq5 python${PY_PKG_VER}-Jinja2 python${PY_PKG_VER}-msgpack" - __PACKAGES="${__PACKAGES} python${PY_PKG_VER}-pycrypto python${PY_PKG_VER}-pyzmq" - - if [ -f "${_SALT_GIT_CHECKOUT_DIR}/requirements/base.txt" ]; then - # We're on the master branch, install whichever tornado is on the requirements file - __REQUIRED_TORNADO="$(grep tornado "${_SALT_GIT_CHECKOUT_DIR}/requirements/base.txt")" - if [ "${__REQUIRED_TORNADO}" != "" ]; then - __PACKAGES="${__PACKAGES} python${PY_PKG_VER}-tornado" - fi - fi - - if [ "$_INSTALL_CLOUD" -eq $BS_TRUE ]; then - __PACKAGES="${__PACKAGES} python${PY_PKG_VER}-apache-libcloud" - fi - else - __PACKAGES="${__PACKAGES} python${PY_PKG_VER}-devel python${PY_PKG_VER}-pip python${PY_PKG_VER}-setuptools gcc" - fi - - # shellcheck disable=SC2086 - __zypper_install ${__PACKAGES} || return 1 - - # Let's trigger config_salt() - if [ "$_TEMP_CONFIG_DIR" = "null" ]; then - _TEMP_CONFIG_DIR="${_SALT_GIT_CHECKOUT_DIR}/conf/" - CONFIG_SALT_FUNC="config_salt" - fi - - return 0 -} - -install_opensuse_15_git() { - - # Py3 is the default bootstrap install for Leap 15 - if [ -n "$_PY_EXE" ]; then - _PYEXE=${_PY_EXE} - else - _PYEXE=python3 - fi - - if [ "${_POST_NEON_INSTALL}" -eq $BS_TRUE ]; then - __install_salt_from_repo_post_neon "${_PY_EXE}" || return 1 - return 0 - fi - - ${_PYEXE} setup.py ${SETUP_PY_INSTALL_ARGS} install --prefix=/usr || return 1 - return 0 -} - -# -# End of openSUSE Leap 15 -# -####################################################################################################################### - -####################################################################################################################### -# -# SUSE Enterprise 15 -# - -install_suse_15_stable_deps() { - __opensuse_prep_install || return 1 - install_opensuse_15_stable_deps || return 1 - - return 0 -} - -install_suse_15_git_deps() { - install_suse_15_stable_deps || return 1 - - if ! __check_command_exists git; then - __zypper_install git-core || return 1 - fi - - install_opensuse_15_git_deps || return 1 - - return 0 -} - -install_suse_15_stable() { - install_opensuse_stable || return 1 - return 0 -} - -install_suse_15_git() { - install_opensuse_15_git || return 1 - return 0 -} + for fname in api master minion syndic; do + # Skip salt-api since the service should be opt-in and not necessarily started on boot + [ $fname = "api" ] && continue -install_suse_15_stable_post() { - install_opensuse_stable_post || return 1 - return 0 -} + # Skip if not meant to be installed + [ $fname = "master" ] && [ "$_INSTALL_MASTER" -eq $BS_FALSE ] && continue + [ $fname = "minion" ] && [ "$_INSTALL_MINION" -eq $BS_FALSE ] && continue + [ $fname = "syndic" ] && [ "$_INSTALL_SYNDIC" -eq $BS_FALSE ] && continue -install_suse_15_git_post() { - install_opensuse_git_post || return 1 - return 0 -} + __check_services_systemd salt-$fname > /dev/null 2>&1 || __check_services_systemd salt-$fname.service > /dev/null 2>&1 || return 1 + done -install_suse_15_restart_daemons() { - install_opensuse_restart_daemons || return 1 return 0 } - # -# End of SUSE Enterprise 15 +# End of openSUSE Install Functions. # ####################################################################################################################### ####################################################################################################################### # -# SUSE Enterprise 12 +# openSUSE Leap 15 # -install_suse_12_stable_deps() { +install_opensuse_15_stable_deps() { __opensuse_prep_install || return 1 + # SUSE only packages Salt for Python 3 on Leap 15 + # Py3 is the default bootstrap install for Leap 15 + # However, git installs that specify "-x python2" are disallowed + if [ -n "$_PY_EXE" ] && [ "$_PY_MAJOR_VERSION" -ne 3 ]; then + echoerror "Python version is no longer supported, only Python 3" + return 1 + fi + # YAML module is used for generating custom master/minion configs # requests is still used by many salt modules - # Salt needs python-zypp installed in order to use the zypper module - __PACKAGES="python-PyYAML python-requests python-zypp" - - if [ "$_INSTALL_CLOUD" -eq $BS_TRUE ]; then - __PACKAGES="${__PACKAGES} python-apache-libcloud" - fi + __PACKAGES="python${PY_PKG_VER}-PyYAML python${PY_PKG_VER}-requests" - # shellcheck disable=SC2086,SC2090 + # shellcheck disable=SC2086 __zypper_install ${__PACKAGES} || return 1 - # SLES 11 SP3 ships with both python-M2Crypto-0.22.* and python-m2crypto-0.21 and we will be asked which - # we want to install, even with --non-interactive. - # Let's try to install the higher version first and then the lower one in case of failure - __zypper_install 'python-M2Crypto>=0.22' || __zypper_install 'python-M2Crypto>=0.21' || return 1 - if [ "${_EXTRA_PACKAGES}" != "" ]; then echoinfo "Installing the following extra packages as requested: ${_EXTRA_PACKAGES}" # shellcheck disable=SC2086 @@ -7587,203 +6991,131 @@ install_suse_12_stable_deps() { return 0 } -install_suse_12_git_deps() { - install_suse_12_stable_deps || return 1 +install_opensuse_15_git_deps() { + install_opensuse_15_stable_deps || return 1 if ! __check_command_exists git; then - __zypper_install git-core || return 1 + __zypper_install git || return 1 fi + # shellcheck disable=SC2119 __git_clone_and_checkout || return 1 - __PACKAGES="" - # shellcheck disable=SC2089 - __PACKAGES="${__PACKAGES} libzmq4 python-Jinja2 python-msgpack-python python-pycrypto" - __PACKAGES="${__PACKAGES} python-pyzmq python-xml" - - if [ -f "${_SALT_GIT_CHECKOUT_DIR}/requirements/base.txt" ]; then - # We're on the master branch, install whichever tornado is on the requirements file - __REQUIRED_TORNADO="$(grep tornado "${_SALT_GIT_CHECKOUT_DIR}/requirements/base.txt")" - if [ "${__REQUIRED_TORNADO}" != "" ]; then - __PACKAGES="${__PACKAGES} python-tornado" - fi + if [ -n "$_PY_EXE" ] && [ "$_PY_MAJOR_VERSION" -ne 3 ]; then + echoerror "Python version is no longer supported, only Python 3" + return 1 fi - if [ "$_INSTALL_CLOUD" -eq $BS_TRUE ]; then - __PACKAGES="${__PACKAGES} python-apache-libcloud" - fi + PY_PKG_VER=3 + __PACKAGES="python${PY_PKG_VER}-xml python${PY_PKG_VER}-devel python${PY_PKG_VER}-pip python${PY_PKG_VER}-setuptools gcc" # shellcheck disable=SC2086 __zypper_install ${__PACKAGES} || return 1 # Let's trigger config_salt() if [ "$_TEMP_CONFIG_DIR" = "null" ]; then - _TEMP_CONFIG_DIR="${_SALT_GIT_CHECKOUT_DIR}/conf/" + _TEMP_CONFIG_DIR="${_SALT_GIT_CHECKOUT_DIR}/conf" CONFIG_SALT_FUNC="config_salt" fi return 0 } -install_suse_12_stable() { - install_opensuse_stable || return 1 - return 0 -} - -install_suse_12_git() { - install_opensuse_git || return 1 - return 0 -} +install_opensuse_15_git() { -install_suse_12_stable_post() { - install_opensuse_stable_post || return 1 - return 0 -} + # Py3 is the default bootstrap install for Leap 15 + if [ -n "$_PY_EXE" ]; then + _PYEXE="${_PY_EXE}" + else + _PYEXE=python3 + fi -install_suse_12_git_post() { - install_opensuse_git_post || return 1 + __install_salt_from_repo "${_PY_EXE}" || return 1 return 0 } -install_suse_12_restart_daemons() { - install_opensuse_restart_daemons || return 1 +install_opensuse_15_onedir_deps() { + __opensuse_prep_install || return 1 return 0 } # -# End of SUSE Enterprise 12 +# End of openSUSE Leap 15 # ####################################################################################################################### ####################################################################################################################### # -# SUSE Enterprise 11 +# SUSE Enterprise 15 # -install_suse_11_stable_deps() { +install_suse_15_stable_deps() { __opensuse_prep_install || return 1 - - # YAML module is used for generating custom master/minion configs - __PACKAGES="python-PyYAML" - - # shellcheck disable=SC2086,SC2090 - __zypper_install ${__PACKAGES} || return 1 - - # SLES 11 SP3 ships with both python-M2Crypto-0.22.* and python-m2crypto-0.21 and we will be asked which - # we want to install, even with --non-interactive. - # Let's try to install the higher version first and then the lower one in case of failure - __zypper_install 'python-M2Crypto>=0.22' || __zypper_install 'python-M2Crypto>=0.21' || return 1 - - if [ "${_EXTRA_PACKAGES}" != "" ]; then - echoinfo "Installing the following extra packages as requested: ${_EXTRA_PACKAGES}" - # shellcheck disable=SC2086 - __zypper_install ${_EXTRA_PACKAGES} || return 1 - fi + install_opensuse_15_stable_deps || return 1 return 0 } -install_suse_11_git_deps() { - install_suse_11_stable_deps || return 1 +install_suse_15_git_deps() { + install_suse_15_stable_deps || return 1 if ! __check_command_exists git; then - __zypper_install git || return 1 - fi - - __git_clone_and_checkout || return 1 - - __PACKAGES="" - # shellcheck disable=SC2089 - __PACKAGES="${__PACKAGES} libzmq4 python-Jinja2 python-msgpack-python python-pycrypto" - __PACKAGES="${__PACKAGES} python-pyzmq python-xml python-zypp" - - if [ -f "${_SALT_GIT_CHECKOUT_DIR}/requirements/base.txt" ]; then - # We're on the master branch, install whichever tornado is on the requirements file - __REQUIRED_TORNADO="$(grep tornado "${_SALT_GIT_CHECKOUT_DIR}/requirements/base.txt")" - if [ "${__REQUIRED_TORNADO}" != "" ]; then - __PACKAGES="${__PACKAGES} python-tornado" - fi + __zypper_install git-core || return 1 fi - if [ "$_INSTALL_CLOUD" -eq $BS_TRUE ]; then - __PACKAGES="${__PACKAGES} python-apache-libcloud" - fi + install_opensuse_15_git_deps || return 1 - # shellcheck disable=SC2086 - __zypper_install ${__PACKAGES} || return 1 + return 0 +} - # Let's trigger config_salt() - if [ "$_TEMP_CONFIG_DIR" = "null" ]; then - _TEMP_CONFIG_DIR="${_SALT_GIT_CHECKOUT_DIR}/conf/" - CONFIG_SALT_FUNC="config_salt" - fi +install_suse_15_onedir_deps() { + __opensuse_prep_install || return 1 + install_opensuse_15_onedir_deps || return 1 return 0 } -install_suse_11_stable() { +install_suse_15_stable() { install_opensuse_stable || return 1 return 0 } -install_suse_11_git() { - install_opensuse_git || return 1 +install_suse_15_git() { + install_opensuse_15_git || return 1 + return 0 +} + +install_suse_15_onedir() { + install_opensuse_stable || return 1 return 0 } -install_suse_11_stable_post() { +install_suse_15_stable_post() { install_opensuse_stable_post || return 1 return 0 } -install_suse_11_git_post() { +install_suse_15_git_post() { install_opensuse_git_post || return 1 return 0 } -install_suse_11_restart_daemons() { - install_opensuse_restart_daemons || return 1 +install_suse_15_onedir_post() { + install_opensuse_stable_post || return 1 return 0 } - -# -# End of SUSE Enterprise 11 -# -####################################################################################################################### - -####################################################################################################################### -# -# SUSE Enterprise General Functions -# - -# Used for both SLE 11 and 12 -install_suse_check_services() { - if [ ! -f /bin/systemctl ]; then - # Not running systemd!? Don't check! - return 0 - fi - - for fname in api master minion syndic; do - # Skip salt-api since the service should be opt-in and not necessarily started on boot - [ $fname = "api" ] && continue - - # Skip if not meant to be installed - [ $fname = "master" ] && [ "$_INSTALL_MASTER" -eq $BS_FALSE ] && continue - [ $fname = "minion" ] && [ "$_INSTALL_MINION" -eq $BS_FALSE ] && continue - [ $fname = "syndic" ] && [ "$_INSTALL_SYNDIC" -eq $BS_FALSE ] && continue - - __check_services_systemd salt-$fname || return 1 - done - +install_suse_15_restart_daemons() { + install_opensuse_restart_daemons || return 1 return 0 } # -# End of SUSE Enterprise General Functions +# End of SUSE Enterprise 15 # ####################################################################################################################### + ####################################################################################################################### # # Gentoo Install Functions. @@ -7840,14 +7172,15 @@ __gentoo_pre_dep() { mkdir /etc/portage fi - # Enable Python 3.6 target for pre Neon Salt release - if echo "${STABLE_REV}" | grep -q "2019" || [ "${ITYPE}" = "git" ] && [ "${_POST_NEON_INSTALL}" -eq $BS_FALSE ]; then - EXTRA_PYTHON_TARGET=python3_6 - fi - - # Enable Python 3.7 target for Salt Neon using GIT - if [ "${ITYPE}" = "git" ] && [ "${GIT_REV}" = "v3000" ]; then - EXTRA_PYTHON_TARGET=python3_7 + # Enable Python 3.10 target for Salt 3006 or later, otherwise 3.7 as previously, using GIT + if [ "${ITYPE}" = "git" ]; then + GIT_REV_MAJOR=$(echo "${GIT_REV}" | awk -F "." '{print $1}') + if [ "${GIT_REV_MAJOR}" = "v3006" ] || [ "${GIT_REV_MAJOR}" = "v3007" ]; then + EXTRA_PYTHON_TARGET=python3_10 + else + # assume pre-3006, so leave it as Python 3.7 + EXTRA_PYTHON_TARGET=python3_7 + fi fi if [ -n "${EXTRA_PYTHON_TARGET:-}" ]; then @@ -7863,7 +7196,6 @@ __gentoo_post_dep() { echoinfo "Installing the following extra packages as requested: ${_EXTRA_PACKAGES}" # shellcheck disable=SC2086 __autounmask ${_EXTRA_PACKAGES} || return 1 - # shellcheck disable=SC2086 __emerge ${_EXTRA_PACKAGES} || return 1 fi @@ -7907,27 +7239,6 @@ install_gentoo_git_deps() { GENTOO_GIT_PACKAGES="${GENTOO_GIT_PACKAGES:-} dev-vcs/git" fi - # Salt <3000 does not automatically install dependencies. It has to be done manually. - if [ "${_POST_NEON_INSTALL}" -eq $BS_FALSE ]; then - GENTOO_GIT_PACKAGES="${GENTOO_GIT_PACKAGES:-} - sys-apps/pciutils - dev-python/pyyaml - dev-python/pyzmq - dev-python/libnacl - dev-python/pycryptodome - dev-python/py - dev-python/requests - /etc/paths.d/salt fi @@ -8317,16 +7681,31 @@ install_macosx_stable_post() { return 0 } +install_macosx_onedir_post() { + + install_macosx_stable_post || return 1 + return 0 +} + install_macosx_git_post() { + install_macosx_stable_post || return 1 return 0 } install_macosx_restart_daemons() { - [ $_START_DAEMONS -eq $BS_FALSE ] && return - /bin/launchctl unload -w /Library/LaunchDaemons/com.saltstack.salt.minion.plist || return 1 - /bin/launchctl load -w /Library/LaunchDaemons/com.saltstack.salt.minion.plist || return 1 + [ "$_START_DAEMONS" -eq $BS_FALSE ] && return + + if [ "$_INSTALL_MINION" -eq $BS_TRUE ]; then + /bin/launchctl unload -w /Library/LaunchDaemons/com.saltstack.salt.minion.plist || return 1 + /bin/launchctl load -w /Library/LaunchDaemons/com.saltstack.salt.minion.plist || return 1 + fi + + if [ "$_INSTALL_MASTER" -eq $BS_TRUE ]; then + /bin/launchctl unload -w /Library/LaunchDaemons/com.saltstack.salt.master.plist || return 1 + /bin/launchctl load -w /Library/LaunchDaemons/com.saltstack.salt.master.plist || return 1 + fi return 0 } @@ -8341,6 +7720,7 @@ install_macosx_restart_daemons() { # the -c options is passed. # config_salt() { + # If the configuration directory is not passed, return [ "$_TEMP_CONFIG_DIR" = "null" ] && return @@ -8384,7 +7764,7 @@ config_salt() { # Check if a minion config file already exists and move to .bak if needed if [ -f "$_SALT_ETC_DIR/minion" ] && [ "$CREATE_BAK" -eq "$BS_TRUE" ]; then - __movefile "$_SALT_ETC_DIR/minion" "$_SALT_ETC_DIR/minion.bak" $BS_TRUE || return 1 + __movefile "$_SALT_ETC_DIR/minion" "$_SALT_ETC_DIR/minion.bak" "$BS_TRUE" || return 1 CONFIGURED_ANYTHING=$BS_TRUE fi @@ -8427,8 +7807,11 @@ config_salt() { if [ "$_INSTALL_SYNDIC" -eq $BS_TRUE ] && [ "$_CONFIG_ONLY" -eq $BS_TRUE ]; then OVERWRITE_MASTER_CONFIGS=$BS_TRUE fi + if [ "$_INSTALL_SALT_API" -eq $BS_TRUE ] && [ "$_CONFIG_ONLY" -eq $BS_TRUE ]; then + OVERWRITE_MASTER_CONFIGS=$BS_TRUE + fi - if [ "$_INSTALL_MASTER" -eq $BS_TRUE ] || [ "$_INSTALL_SYNDIC" -eq $BS_TRUE ] || [ "$OVERWRITE_MASTER_CONFIGS" -eq $BS_TRUE ] || [ "$_CUSTOM_MASTER_CONFIG" != "null" ]; then + if [ "$_INSTALL_MASTER" -eq $BS_TRUE ] || [ "$_INSTALL_SYNDIC" -eq $BS_TRUE ] || [ "$_INSTALL_SALT_API" -eq $BS_TRUE ] || [ "$OVERWRITE_MASTER_CONFIGS" -eq $BS_TRUE ] || [ "$_CUSTOM_MASTER_CONFIG" != "null" ]; then # Create the PKI directory [ -d "$_PKI_DIR/master" ] || (mkdir -p "$_PKI_DIR/master" && chmod 700 "$_PKI_DIR/master") || return 1 @@ -8437,7 +7820,7 @@ config_salt() { # Check if a master config file already exists and move to .bak if needed if [ -f "$_SALT_ETC_DIR/master" ] && [ "$CREATE_BAK" -eq "$BS_TRUE" ]; then - __movefile "$_SALT_ETC_DIR/master" "$_SALT_ETC_DIR/master.bak" $BS_TRUE || return 1 + __movefile "$_SALT_ETC_DIR/master" "$_SALT_ETC_DIR/master.bak" "$BS_TRUE" || return 1 CONFIGURED_ANYTHING=$BS_TRUE fi @@ -8451,7 +7834,7 @@ config_salt() { CONFIGURED_ANYTHING=$BS_TRUE fi - # Copy the master's keys if found + # Copy the masters keys if found if [ -f "$_TEMP_CONFIG_DIR/master.pem" ]; then __movefile "$_TEMP_CONFIG_DIR/master.pem" "$_PKI_DIR/master/" || return 1 chmod 400 "$_PKI_DIR/master/master.pem" || return 1 @@ -8481,7 +7864,7 @@ config_salt() { done fi - if [ "$_CONFIG_ONLY" -eq $BS_TRUE ] && [ $CONFIGURED_ANYTHING -eq $BS_FALSE ]; then + if [ "$_CONFIG_ONLY" -eq $BS_TRUE ] && [ "$CONFIGURED_ANYTHING" -eq $BS_FALSE ]; then echowarn "No configuration or keys were copied over. No configuration was done!" exit 0 fi @@ -8499,6 +7882,7 @@ config_salt() { # as long as the -k option is passed. # preseed_master() { + # Create the PKI directory if [ "$(find "$_TEMP_KEYS_DIR" -maxdepth 1 -type f | wc -l)" -lt 1 ]; then @@ -8533,6 +7917,7 @@ preseed_master() { # This function checks if all of the installed daemons are running or not. # daemons_running_onedir() { + [ "$_START_DAEMONS" -eq $BS_FALSE ] && return 0 FAILED_DAEMONS=0 @@ -8545,7 +7930,11 @@ daemons_running_onedir() { [ $fname = "master" ] && [ "$_INSTALL_MASTER" -eq $BS_FALSE ] && continue [ $fname = "syndic" ] && [ "$_INSTALL_SYNDIC" -eq $BS_FALSE ] && continue - salt_path="/opt/saltstack/salt/run/run ${fname}" + if [ -f "/opt/saltstack/salt/run/run" ]; then + salt_path="/opt/saltstack/salt/run/run ${fname}" + else + salt_path="salt-${fname}" + fi process_running=$(pgrep -f "${salt_path}") if [ "${process_running}" = "" ]; then echoerror "${salt_path} was not found running" @@ -8566,6 +7955,7 @@ daemons_running_onedir() { # This function checks if all of the installed daemons are running or not. # daemons_running() { + [ "$_START_DAEMONS" -eq $BS_FALSE ] && return 0 FAILED_DAEMONS=0 @@ -8580,7 +7970,7 @@ daemons_running() { # shellcheck disable=SC2009 if [ "${DISTRO_NAME}" = "SmartOS" ]; then - if [ "$(svcs -Ho STA salt-$fname)" != "ON" ]; then + if [ "$(svcs -Ho STA "salt-$fname")" != "ON" ]; then echoerror "salt-$fname was not found running" FAILED_DAEMONS=$((FAILED_DAEMONS + 1)) fi @@ -8590,7 +7980,7 @@ daemons_running() { fi done - return $FAILED_DAEMONS + return ${FAILED_DAEMONS} } # # Ended daemons running check function @@ -8613,9 +8003,10 @@ if [ ${_NO_DEPS} -eq $BS_FALSE ]; then fi DEPS_INSTALL_FUNC="null" -for FUNC_NAME in $(__strip_duplicates "$DEP_FUNC_NAMES"); do - if __function_defined "$FUNC_NAME"; then - DEPS_INSTALL_FUNC="$FUNC_NAME" +# shellcheck disable=SC2086 +for FUNC_NAME in $(__strip_duplicates ${DEP_FUNC_NAMES}); do + if __function_defined ${FUNC_NAME}; then + DEPS_INSTALL_FUNC=${FUNC_NAME} break fi done @@ -8725,7 +8116,7 @@ for FUNC_NAME in $(__strip_duplicates "$DAEMONS_RUNNING_FUNC_NAMES"); do done echodebug "DAEMONS_RUNNING_FUNC=${DAEMONS_RUNNING_FUNC}" -# Let's get the check services function +# Lets get the check services function if [ ${_DISABLE_SALT_CHECKS} -eq $BS_FALSE ]; then CHECK_SERVICES_FUNC_NAMES="install_${DISTRO_NAME_L}${PREFIXED_DISTRO_MAJOR_VERSION}_${ITYPE}_check_services" CHECK_SERVICES_FUNC_NAMES="$CHECK_SERVICES_FUNC_NAMES install_${DISTRO_NAME_L}${PREFIXED_DISTRO_MAJOR_VERSION}${PREFIXED_DISTRO_MINOR_VERSION}_${ITYPE}_check_services" @@ -8758,7 +8149,7 @@ fi # Install dependencies -if [ ${_NO_DEPS} -eq $BS_FALSE ] && [ $_CONFIG_ONLY -eq $BS_FALSE ]; then +if [ "${_NO_DEPS}" -eq $BS_FALSE ] && [ "$_CONFIG_ONLY" -eq $BS_FALSE ]; then # Only execute function is not in config mode only echoinfo "Running ${DEPS_INSTALL_FUNC}()" if ! ${DEPS_INSTALL_FUNC}; then @@ -8769,6 +8160,7 @@ fi if [ "${ITYPE}" = "git" ] && [ ${_NO_DEPS} -eq ${BS_TRUE} ]; then + # shellcheck disable=SC2119 if ! __git_clone_and_checkout; then echo "Failed to clone and checkout git repository." exit 1 @@ -8782,7 +8174,7 @@ if [ "$_CUSTOM_MASTER_CONFIG" != "null" ] || [ "$_CUSTOM_MINION_CONFIG" != "null _TEMP_CONFIG_DIR="$_SALT_ETC_DIR" fi - if [ ${_NO_DEPS} -eq $BS_FALSE ] && [ $_CONFIG_ONLY -eq $BS_TRUE ]; then + if [ "${_NO_DEPS}" -eq $BS_FALSE ] && [ "$_CONFIG_ONLY" -eq $BS_TRUE ]; then # Execute function to satisfy dependencies for configuration step echoinfo "Running ${DEPS_INSTALL_FUNC}()" if ! ${DEPS_INSTALL_FUNC}; then @@ -8856,6 +8248,7 @@ fi if [ "$STARTDAEMONS_INSTALL_FUNC" != "null" ] && [ ${_START_DAEMONS} -eq $BS_TRUE ]; then echoinfo "Running ${STARTDAEMONS_INSTALL_FUNC}()" echodebug "Waiting ${_SLEEP} seconds for processes to settle before checking for them" + # shellcheck disable=SC2086 sleep ${_SLEEP} if ! ${STARTDAEMONS_INSTALL_FUNC}; then echoerror "Failed to run ${STARTDAEMONS_INSTALL_FUNC}()!!!" @@ -8867,6 +8260,7 @@ fi if [ "$DAEMONS_RUNNING_FUNC" != "null" ] && [ ${_START_DAEMONS} -eq $BS_TRUE ]; then echoinfo "Running ${DAEMONS_RUNNING_FUNC}()" echodebug "Waiting ${_SLEEP} seconds for processes to settle before checking for them" + # shellcheck disable=SC2086 sleep ${_SLEEP} # Sleep a little bit to let daemons start if ! ${DAEMONS_RUNNING_FUNC}; then echoerror "Failed to run ${DAEMONS_RUNNING_FUNC}()!!!" @@ -8889,7 +8283,7 @@ if [ "$DAEMONS_RUNNING_FUNC" != "null" ] && [ ${_START_DAEMONS} -eq $BS_TRUE ]; echodebug "Running salt-$fname by hand outputs: $(nohup salt-$fname -l debug)" - [ ! -f /var/log/salt/$fname ] && echodebug "/var/log/salt/$fname does not exist. Can't cat its contents!" && continue + [ ! -f "/var/log/salt/$fname" ] && echodebug "/var/log/salt/$fname does not exist. Can't cat its contents!" && continue echodebug "DAEMON LOGS for $fname:" echodebug "$(cat /var/log/salt/$fname)" @@ -8903,6 +8297,11 @@ if [ "$DAEMONS_RUNNING_FUNC" != "null" ] && [ ${_START_DAEMONS} -eq $BS_TRUE ]; fi fi +if [ "$_AUTO_ACCEPT_MINION_KEYS" -eq "$BS_TRUE" ]; then + echoinfo "Accepting the Salt Minion Keys" + salt-key -yA +fi + # Done! if [ "$_CONFIG_ONLY" -eq $BS_FALSE ]; then echoinfo "Salt installed!" @@ -8910,6 +8309,13 @@ else echoinfo "Salt configured!" fi +if [ "$_QUICK_START" -eq "$BS_TRUE" ]; then + echoinfo "Congratulations!" + echoinfo "A couple of commands to try:" + echoinfo " salt \* test.ping" + echoinfo " salt \* test.version" +fi + exit 0 -# vim: set sts=4 ts=4 et +# vim: set sts=4 ts=4 et \ No newline at end of file diff --git a/salt_stack/salt/aws/boto3.sls b/salt_stack/salt/aws/boto3.sls index 3a417f02..fdb58ee0 100644 --- a/salt_stack/salt/aws/boto3.sls +++ b/salt_stack/salt/aws/boto3.sls @@ -5,7 +5,7 @@ include: boto3: pip.installed: - name: boto3>=1.0,<2.0 - #- bin_env: /usr/local/bin/pip3 + - pip_bin: /usr/bin/pip3 - require: - sls: python.python3 - sls: python.pip3 diff --git a/salt_stack/salt/boss-tools/activities.sls b/salt_stack/salt/boss-tools/activities.sls index c86b51b2..7270d24c 100644 --- a/salt_stack/salt/boss-tools/activities.sls +++ b/salt_stack/salt/boss-tools/activities.sls @@ -7,6 +7,7 @@ include: activity-update-pip: pip.installed: + - pip_bin: /usr/bin/pip3 - name: pip - upgrade: True @@ -24,6 +25,7 @@ activity-files: activites-lib: pip.installed: + - pip_bin: /usr/bin/pip3 - name: pymysql - require: - sls: python.python3 diff --git a/salt_stack/salt/boss-tools/bossutils.sls b/salt_stack/salt/boss-tools/bossutils.sls index 5b8b3691..486673e8 100644 --- a/salt_stack/salt/boss-tools/bossutils.sls +++ b/salt_stack/salt/boss-tools/bossutils.sls @@ -5,6 +5,7 @@ include: python-lib: pip.installed: + - pip_bin: /usr/bin/pip3 # DP HACK: Cannot use salt:// with pip.installed, so assume the base directory - name: /srv/salt/boss-tools/files/boss-tools.git/bossutils/ - require: diff --git a/salt_stack/salt/boss-tools/files/boss-tools.git b/salt_stack/salt/boss-tools/files/boss-tools.git index 2580ee90..fa42b959 160000 --- a/salt_stack/salt/boss-tools/files/boss-tools.git +++ b/salt_stack/salt/boss-tools/files/boss-tools.git @@ -1 +1 @@ -Subproject commit 2580ee9068558adb2eef9196bb18d1037985f06e +Subproject commit fa42b959fa31430c67946fc8a4396f152c0bf579 diff --git a/salt_stack/salt/boss/django.sls b/salt_stack/salt/boss/django.sls index b5508521..3fc58f68 100644 --- a/salt_stack/salt/boss/django.sls +++ b/salt_stack/salt/boss/django.sls @@ -13,6 +13,7 @@ django-update-pip: pip.installed: - name: pip - upgrade: True + - pip_bin: /usr/bin/pip3 django-prerequirements: pkg.installed: @@ -20,9 +21,11 @@ django-prerequirements: - libmysqlclient-dev - libffi-dev - awscli + - patchelf django-requirements: pip.installed: + - pip_bin: /usr/bin/pip3 - requirements: salt://boss/files/boss.git/requirements.txt - exists_action: w - require: diff --git a/salt_stack/salt/boss/files/boss.git b/salt_stack/salt/boss/files/boss.git index 23a2381b..c746c8f0 160000 --- a/salt_stack/salt/boss/files/boss.git +++ b/salt_stack/salt/boss/files/boss.git @@ -1 +1 @@ -Subproject commit 23a2381b0f61f0589a03b03fc240c971fcc14d4d +Subproject commit c746c8f02d46f91625b8c45f556baa35952e5051 diff --git a/salt_stack/salt/cvdb/init.sls b/salt_stack/salt/cvdb/init.sls index c03a3652..5aaff36f 100644 --- a/salt_stack/salt/cvdb/init.sls +++ b/salt_stack/salt/cvdb/init.sls @@ -4,17 +4,20 @@ include: cvdb-update-pip: pip.installed: + - pip_bin: /usr/bin/pip3 - name: pip - upgrade: True cvdb-lib: pip.installed: + - pip_bin: /usr/bin/pip3 - name: /srv/salt/cvdb/files/cvdb.git/ - require: - sls: python.python3 cvdb-test-requirements: pip.installed: + - pip_bin: /usr/bin/pip3 - requirements: salt://cvdb/files/cvdb.git/requirements-test.txt - exists_action: w - require: diff --git a/salt_stack/salt/django/rest-framework.sls b/salt_stack/salt/django/rest-framework.sls index c24062eb..baedf4a1 100644 --- a/salt_stack/salt/django/rest-framework.sls +++ b/salt_stack/salt/django/rest-framework.sls @@ -6,6 +6,7 @@ include: rest_framework: pip.installed: + - pip_bin: /usr/bin/pip3 - name: djangorestframework==3.3.1 - bin_env: /usr/local/bin/pip3 - require: diff --git a/salt_stack/salt/heaviside/init.sls b/salt_stack/salt/heaviside/init.sls index 29d5b468..b5a6c905 100644 --- a/salt_stack/salt/heaviside/init.sls +++ b/salt_stack/salt/heaviside/init.sls @@ -5,6 +5,7 @@ include: heaviside: pip.installed: # pip dependencies not resolving to our version - - editable: git+https://github.com/jhuapl-boss/heaviside.git#egg=heaviside + - pip_bin: /usr/bin/pip3 + - name: git+https://github.com/jhuapl-boss/heaviside.git - exists_action: w diff --git a/salt_stack/salt/ingest-client/files/ingest-client.git b/salt_stack/salt/ingest-client/files/ingest-client.git index c65c57c9..5700267c 160000 --- a/salt_stack/salt/ingest-client/files/ingest-client.git +++ b/salt_stack/salt/ingest-client/files/ingest-client.git @@ -1 +1 @@ -Subproject commit c65c57c939d82009f35486021898d77ef0cccb70 +Subproject commit 5700267c83b119f50e2bc07b1d616fbcb970a9e4 diff --git a/salt_stack/salt/ingest-client/ingest.sls b/salt_stack/salt/ingest-client/ingest.sls index 0217d1f1..c2970d84 100644 --- a/salt_stack/salt/ingest-client/ingest.sls +++ b/salt_stack/salt/ingest-client/ingest.sls @@ -6,6 +6,7 @@ ingest-update-pip: pip.installed: - name: pip - upgrade: True + - pip_bin: /usr/bin/pip3 ingest-prerequirements: pkg.installed: @@ -27,14 +28,26 @@ ingest-prerequirements: # export LC_ALL=en_US.UTF-8 # sudo /usr/local/bin/pip3 install httpretty==0.8.10 +ingest-wheel-upgrade: + pip.installed: + - pip_bin: /usr/bin/pip3 + - pkgs: + - wheel +# - setuptools + - upgrade: True + - require: + - sls: python.python3 + # Need to install pyyaml separatly to avoid problems with other requirements ingest-pyyaml: pip.installed: + - pip_bin: /usr/bin/pip3 - name: pyyaml - ignore_installed: True ingest-client-lib: pip.installed: + - pip_bin: /usr/bin/pip3 - requirements: salt://ingest-client/files/ingest-client.git/requirements.txt - require: - pkg: ingest-prerequirements diff --git a/salt_stack/salt/jenkins-microns/init.sls b/salt_stack/salt/jenkins-microns/init.sls index 62f73a15..278b5865 100644 --- a/salt_stack/salt/jenkins-microns/init.sls +++ b/salt_stack/salt/jenkins-microns/init.sls @@ -17,5 +17,5 @@ include: ## TODO: make pip installation part of the Jenkins job, instead. intern-sdk: pip.installed: - - bin_env: /usr/local/bin/pip3 + - pip_bin: /usr/bin/pip3 - requirements: salt://jenkins-microns/files/intern-requirements.txt diff --git a/salt_stack/salt/jenkins/django.sls b/salt_stack/salt/jenkins/django.sls index 65c92ed1..8a29b383 100644 --- a/salt_stack/salt/jenkins/django.sls +++ b/salt_stack/salt/jenkins/django.sls @@ -5,8 +5,8 @@ include: django-jenkins: pip.installed: + - pip_bin: /usr/bin/pip3 - name: django-jenkins==0.18.1 - - bin_env: /usr/local/bin/pip3 - require: - sls: python.python35 - sls: python.pip diff --git a/salt_stack/salt/ndingest/init.sls b/salt_stack/salt/ndingest/init.sls index 7981b39a..ede3a79e 100644 --- a/salt_stack/salt/ndingest/init.sls +++ b/salt_stack/salt/ndingest/init.sls @@ -1,10 +1,23 @@ # Install ndingest into site-packages. include: - python.python3 + - python.pip3 + - python.python3-dev - spdb +ndingest-wheel-upgrade: + pip.installed: + - pip_bin: /usr/bin/pip3 + - pkgs: + - wheel +# - setuptools + - upgrade: True + - require: + - sls: python.python3 + ndingest-lib: pip.installed: + - pip_bin: /usr/bin/pip3 # DP HACK: Cannot use salt:// with pip.installed, so assume the base directory - name: /srv/salt/ndingest/files/ndingest.git/ - require: diff --git a/salt_stack/salt/python/coverage.sls b/salt_stack/salt/python/coverage.sls index 03263200..877ffd3e 100644 --- a/salt_stack/salt/python/coverage.sls +++ b/salt_stack/salt/python/coverage.sls @@ -6,7 +6,7 @@ include: coverage: pip.installed: - name: coverage==4.0.3 - - bin_env: /usr/local/bin/pip3 + - pip_bin: /usr/bin/pip3 - require: - sls: python.python35 - sls: python.pip diff --git a/salt_stack/salt/python/jsonschema.sls b/salt_stack/salt/python/jsonschema.sls index 8cf365b5..9d329639 100644 --- a/salt_stack/salt/python/jsonschema.sls +++ b/salt_stack/salt/python/jsonschema.sls @@ -4,8 +4,8 @@ include: jsonschema: pip.installed: + - pip_bin: /usr/bin/pip3 - name: jsonschema==2.5.1 - - bin_env: /usr/local/bin/pip3 - require: - sls: python.python35 - sls: python.pip diff --git a/salt_stack/salt/python/nose2-3.sls b/salt_stack/salt/python/nose2-3.sls index d15dd8e9..7c2ffbdb 100644 --- a/salt_stack/salt/python/nose2-3.sls +++ b/salt_stack/salt/python/nose2-3.sls @@ -6,8 +6,8 @@ include: python3-nose2: pip.installed: + - pip_bin: /usr/bin/pip3 - name: {{ python3.nose2_pkg }} - - bin_env: /usr/local/bin/pip3 - require: # Currently require pip from Python 2.x for Salt's pip state. - sls: python.pip diff --git a/salt_stack/salt/python/nose2-cov-3.sls b/salt_stack/salt/python/nose2-cov-3.sls index c5b0e99c..ba1e503b 100644 --- a/salt_stack/salt/python/nose2-cov-3.sls +++ b/salt_stack/salt/python/nose2-cov-3.sls @@ -7,7 +7,7 @@ include: python3-nose2-cov: pip.installed: - name: {{ python3.nose2_cov_pkg }} - - bin_env: /usr/local/bin/pip3 + - pip_bin: /usr/bin/pip3 - require: # Currently require pip from Python 2.x for Salt's pip state. - sls: python.pip diff --git a/salt_stack/salt/python/nose2-cov.sls b/salt_stack/salt/python/nose2-cov.sls index ef5df910..4e8e4f66 100644 --- a/salt_stack/salt/python/nose2-cov.sls +++ b/salt_stack/salt/python/nose2-cov.sls @@ -5,5 +5,6 @@ include: pip.installed: - name: {{ python2.nose2_cov_pkg }} + - pip_bin: /usr/bin/pip3 - require: - sls: python.pip diff --git a/salt_stack/salt/python/nose2.sls b/salt_stack/salt/python/nose2.sls index 1f354aa7..302b5feb 100644 --- a/salt_stack/salt/python/nose2.sls +++ b/salt_stack/salt/python/nose2.sls @@ -6,5 +6,6 @@ include: python2-nose2: pip.installed: - name: {{ python2.nose2_pkg }} + - pip_bin: /usr/bin/pip3 - require: - sls: python.pip diff --git a/salt_stack/salt/python/pep8.sls b/salt_stack/salt/python/pep8.sls index 15d1e646..58b9870b 100644 --- a/salt_stack/salt/python/pep8.sls +++ b/salt_stack/salt/python/pep8.sls @@ -6,7 +6,7 @@ include: pep8: pip.installed: - name: pep8==1.7.0 - - bin_env: /usr/local/bin/pip3 + - pip_bin: /usr/bin/pip3 - require: - sls: python.python35 - sls: python.pip diff --git a/salt_stack/salt/python/pylint-django.sls b/salt_stack/salt/python/pylint-django.sls index 5698239d..9ed7221f 100644 --- a/salt_stack/salt/python/pylint-django.sls +++ b/salt_stack/salt/python/pylint-django.sls @@ -7,7 +7,7 @@ include: pylint-django: pip.installed: - name: pylint-django==0.7.1 - - bin_env: /usr/local/bin/pip3 + - pip_bin: /usr/bin/pip3 - require: - sls: python.python35 - sls: python.pip diff --git a/salt_stack/salt/python/pylint.sls b/salt_stack/salt/python/pylint.sls index dffe2da7..d1180aa4 100644 --- a/salt_stack/salt/python/pylint.sls +++ b/salt_stack/salt/python/pylint.sls @@ -6,7 +6,7 @@ include: pylint: pip.installed: - name: pylint==1.5.4 - - bin_env: /usr/local/bin/pip3 + - pip_bin: /usr/bin/pip3 - require: - sls: python.python35 - sls: python.pip diff --git a/salt_stack/salt/python/pyminifier.sls b/salt_stack/salt/python/pyminifier.sls index 2bedb763..da713841 100644 --- a/salt_stack/salt/python/pyminifier.sls +++ b/salt_stack/salt/python/pyminifier.sls @@ -6,7 +6,7 @@ include: pyminifier: pip.installed: - name: pyminifier==2.1 - - bin_env: /usr/local/bin/pip3 + - pip_bin: /usr/bin/pip3 - require: - sls: python.python35 - sls: python.pip diff --git a/salt_stack/salt/python/virtualenvwrapper.sls b/salt_stack/salt/python/virtualenvwrapper.sls index 9226104a..3612ccaf 100644 --- a/salt_stack/salt/python/virtualenvwrapper.sls +++ b/salt_stack/salt/python/virtualenvwrapper.sls @@ -6,7 +6,7 @@ include: virtualenvwrapper: pip.installed: - name: virtualenvwrapper - - bin_env: /usr/local/bin/pip3 + - pip_bin: /usr/bin/pip3 - require: - sls: python.python35 - sls: python.pip diff --git a/salt_stack/salt/scipy/init.sls b/salt_stack/salt/scipy/init.sls index 6e685fc0..d0c8d065 100644 --- a/salt_stack/salt/scipy/init.sls +++ b/salt_stack/salt/scipy/init.sls @@ -13,6 +13,7 @@ scipy-prerequirements: scipy-lib: pip.installed: + - pip_bin: /usr/bin/pip3 - pkgs: - scipy - require: diff --git a/salt_stack/salt/spdb/files/spdb.git b/salt_stack/salt/spdb/files/spdb.git index e9edfd2f..f77bd1a6 160000 --- a/salt_stack/salt/spdb/files/spdb.git +++ b/salt_stack/salt/spdb/files/spdb.git @@ -1 +1 @@ -Subproject commit e9edfd2fd3a5f4ef510278baa4451e1e307d3ad8 +Subproject commit f77bd1a6d9f321437f737f303cd2c967e1e46eec diff --git a/salt_stack/salt/spdb/init.sls b/salt_stack/salt/spdb/init.sls index 17642cce..26ed97fc 100644 --- a/salt_stack/salt/spdb/init.sls +++ b/salt_stack/salt/spdb/init.sls @@ -1,10 +1,13 @@ include: - python.python3 + - python.pip3 + - python.python3-dev spdb-update-pip: pip.installed: - name: pip - upgrade: True + - pip_bin: /usr/bin/pip3 spdb-prerequirements: pkg.installed: @@ -15,6 +18,7 @@ spdb-prerequirements: - libfreetype6-dev - liblcms2-dev - libwebp-dev + - patchelf #- libopenjpeg-dev # Install moto dependency separately. Salt sets LC_ALL=C which breaks @@ -32,29 +36,28 @@ spdb-prerequirements: # During testing with the Docker Ubuntu 20.04 image, wheel was too old to # complete the spdb and blosc installs. -wheel-upgrade: +spdb-wheel-upgrade: pip.installed: - - name: wheel + - pip_bin: /usr/bin/pip3 + - pkgs: + - wheel +# - setuptools - upgrade: True - require: - sls: python.python3 spdb-lib: pip.installed: + - pip_bin: /usr/bin/pip3 # DP HACK: Cannot use salt:// with pip.installed, so assume the base directory - name: /srv/salt/spdb/files/spdb.git/ - require: - pkg: spdb-prerequirements - sls: python.python3 -# Need to install pyyaml separatly to avoid problems with other requirements -spdb-pyyaml: - pip.installed: - - name: pyyaml - - ignore_installed: True - spdb-test-requirements: pip.installed: + - pip_bin: /usr/bin/pip3 - requirements: salt://spdb/files/spdb.git/requirements-test.txt - exists_action: w - require: diff --git a/salt_stack/salt/uwsgi/emperor.sls b/salt_stack/salt/uwsgi/emperor.sls index 522f2495..6d22707b 100644 --- a/salt_stack/salt/uwsgi/emperor.sls +++ b/salt_stack/salt/uwsgi/emperor.sls @@ -2,12 +2,11 @@ include: - python.python3 - python.pip3 -uwsgi: - pip.installed: - - name: uwsgi==2.0.19.1 - - require: - - sls: python.python3 - - sls: python.pip3 +uwsgi-prerequirements: + pkg.installed: + - pkgs: + - uwsgi + - patchelf uwsgi-init.d: file.managed: diff --git a/salt_stack/salt/vault/client.sls b/salt_stack/salt/vault/client.sls index 17b250b4..e016982c 100644 --- a/salt_stack/salt/vault/client.sls +++ b/salt_stack/salt/vault/client.sls @@ -6,7 +6,7 @@ vault-lib: pip.installed: # ToDo: fix needs to be kept in sync with spdb's hvac requirement. - name: hvac==0.11.2 - #- bin_env: /usr/local/bin/pip3 + - pip_bin: /usr/bin/pip3 - require: - sls: python.python3 - sls: python.pip3 diff --git a/test/availability_zones/lambdas.py b/test/availability_zones/lambdas.py index eaa2bc33..07050892 100644 --- a/test/availability_zones/lambdas.py +++ b/test/availability_zones/lambdas.py @@ -42,7 +42,7 @@ timeout=10, security_groups=[cloudformation.Ref('InternalSecurityGroup')], subnets=internal_subnets, - runtime='python3.7') + runtime='python3.11') azs = [sub['Ref'][0] for sub in internal_subnets] print('Assigning a lambda to the {} availability zones'.format(azs))