diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index c13c6fffe..eebfa5191 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -27,8 +27,6 @@ jobs: separator: "," files: | bootstrap-salt.* - Gemfile - kitchen*.yml tests/** .github/workflows/** files_ignore: | @@ -147,21 +145,6 @@ jobs: - windows-2019: - name: Windows 2019 - if: github.event_name == 'push' || needs.collect-changed-files.outputs.run-tests == 'true' - uses: ./.github/workflows/test-windows.yml - needs: - - lint - - generate-actions-workflow - with: - distro-slug: windows-2019 - display-name: Windows 2019 - timeout: 20 - runs-on: windows-2019 - instances: '["stable-3006", "stable-3006-8", "stable-3007", "stable-3007-1", "latest"]' - - windows-2022: name: Windows 2022 if: github.event_name == 'push' || needs.collect-changed-files.outputs.run-tests == 'true' @@ -220,20 +203,6 @@ jobs: instances: '["stable-3006", "onedir-3006", "stable-3006-8", "stable-3007", "onedir-3007", "stable-3007-1", "latest", "default"]' - arch: - name: Arch - if: github.event_name == 'push' || needs.collect-changed-files.outputs.run-tests == 'true' - uses: ./.github/workflows/test-linux.yml - needs: - - lint - - generate-actions-workflow - with: - distro-slug: arch - display-name: Arch - timeout: 20 - instances: '["git-master", "latest", "default"]' - - centos-stream9: name: CentOS Stream 9 if: github.event_name == 'push' || needs.collect-changed-files.outputs.run-tests == 'true' @@ -304,34 +273,6 @@ jobs: instances: '["stable-3007", "onedir-3007", "stable-3007-1", "git-master", "latest", "default"]' - gentoo: - name: Gentoo - if: github.event_name == 'push' - uses: ./.github/workflows/test-linux.yml - needs: - - lint - - generate-actions-workflow - with: - distro-slug: gentoo - display-name: Gentoo - timeout: 90 - instances: '["git-master"]' - - - gentoo-systemd: - name: Gentoo (systemd) - if: github.event_name == 'push' - uses: ./.github/workflows/test-linux.yml - needs: - - lint - - generate-actions-workflow - with: - distro-slug: gentoo-systemd - display-name: Gentoo (systemd) - timeout: 90 - instances: '["git-master"]' - - opensuse-15: name: Opensuse 15 if: github.event_name == 'push' || needs.collect-changed-files.outputs.run-tests == 'true' @@ -482,19 +423,15 @@ jobs: - generate-actions-workflow - macos-12 - macos-13 - - windows-2019 - windows-2022 - almalinux-8 - almalinux-9 - amazon-2 - - arch - centos-stream9 - debian-11 - debian-12 - fedora-39 - fedora-40 - - gentoo - - gentoo-systemd - opensuse-15 - oraclelinux-8 - oraclelinux-9 diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index aeb362715..935b0f70f 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -52,9 +52,10 @@ jobs: update-develop: name: Update CHANGELOG.md and bootstrap-salt.sh runs-on: - - self-hosted - - linux - - repo-release + - ubuntu-latest + ## - self-hosted + ## - linux + ## - repo-release permissions: contents: write # To be able to publish the release environment: release @@ -74,35 +75,35 @@ jobs: python3 -m pip install -r requirements/release.txt pre-commit install --install-hooks - - name: Setup GnuPG - run: | - sudo install -d -m 0700 -o "$(id -u)" -g "$(id -g)" /run/gpg - GNUPGHOME="$(mktemp -d -p /run/gpg)" - echo "GNUPGHOME=${GNUPGHOME}" >> "$GITHUB_ENV" - cat < "${GNUPGHOME}/gpg.conf" - batch - no-tty - pinentry-mode loopback - EOF - - - name: Get Secrets - id: get-secrets - env: - SECRETS_KEY: ${{ secrets.SECRETS_KEY }} - run: | - SECRETS_KEY_FILE=$(mktemp /tmp/output.XXXXXXXXXX) - echo "$SECRETS_KEY" > "$SECRETS_KEY_FILE" - aws --region us-west-2 secretsmanager get-secret-value --secret-id /cmbu-saltstack/signing/repo-signing-keys-sha256-2023 \ - --query SecretString --output text | jq .default_key -r | base64 -d \ - | gpg --passphrase-file "${SECRETS_KEY_FILE}" -d - \ - | gpg --import - - sync - aws --region us-west-2 secretsmanager get-secret-value --secret-id /cmbu-saltstack/signing/repo-signing-keys-sha256-2023 \ - --query SecretString --output text| jq .default_passphrase -r | base64 -d \ - | gpg --passphrase-file "${SECRETS_KEY_FILE}" -o "${GNUPGHOME}/passphrase" -d - - sync - rm "$SECRETS_KEY_FILE" - echo "passphrase-file ${GNUPGHOME}/passphrase" >> "${GNUPGHOME}/gpg.conf" + ## - name: Setup GnuPG + ## run: | + ## sudo install -d -m 0700 -o "$(id -u)" -g "$(id -g)" /run/gpg + ## GNUPGHOME="$(mktemp -d -p /run/gpg)" + ## echo "GNUPGHOME=${GNUPGHOME}" >> "$GITHUB_ENV" + ## cat < "${GNUPGHOME}/gpg.conf" + ## batch + ## no-tty + ## pinentry-mode loopback + ## EOF + + ## - name: Get Secrets + ## id: get-secrets + ## env: + ## SECRETS_KEY: ${{ secrets.SECRETS_KEY }} + ## run: | + ## SECRETS_KEY_FILE=$(mktemp /tmp/output.XXXXXXXXXX) + ## echo "$SECRETS_KEY" > "$SECRETS_KEY_FILE" + ## aws --region us-west-2 secretsmanager get-secret-value --secret-id /cmbu-saltstack/signing/repo-signing-keys-sha256-2023 \ + ## --query SecretString --output text | jq .default_key -r | base64 -d \ + ## | gpg --passphrase-file "${SECRETS_KEY_FILE}" -d - \ + ## | gpg --import - + ## sync + ## aws --region us-west-2 secretsmanager get-secret-value --secret-id /cmbu-saltstack/signing/repo-signing-keys-sha256-2023 \ + ## --query SecretString --output text| jq .default_passphrase -r | base64 -d \ + ## | gpg --passphrase-file "${SECRETS_KEY_FILE}" -o "${GNUPGHOME}/passphrase" -d - + ## sync + ## rm "$SECRETS_KEY_FILE" + ## echo "passphrase-file ${GNUPGHOME}/passphrase" >> "${GNUPGHOME}/gpg.conf" - name: Configure Git shell: bash @@ -110,8 +111,9 @@ jobs: git config --global --add safe.directory "$(pwd)" git config --global user.name "Salt Project Packaging" git config --global user.email saltproject-packaging@vmware.com - git config --global user.signingkey 64CBBC8173D76B3F - git config --global commit.gpgsign true + git config --global commit.gpgsign false + ## git config --global user.signingkey 64CBBC8173D76B3F + ## git config --global commit.gpgsign true - name: Update Repository id: update-repo @@ -150,9 +152,10 @@ jobs: merge-develop-into-stable: name: Merge develop into stable runs-on: - - self-hosted - - linux - - repo-release + - ubuntu-latest + ## - self-hosted + ## - linux + ## - repo-release needs: - update-develop environment: release @@ -166,35 +169,35 @@ jobs: ssh-key: ${{ secrets.SALT_BOOTSTRAP_RELEASE_KEY }} fetch-depth: 0 - - name: Setup GnuPG - run: | - sudo install -d -m 0700 -o "$(id -u)" -g "$(id -g)" /run/gpg - GNUPGHOME="$(mktemp -d -p /run/gpg)" - echo "GNUPGHOME=${GNUPGHOME}" >> "$GITHUB_ENV" - cat < "${GNUPGHOME}/gpg.conf" - batch - no-tty - pinentry-mode loopback - EOF - - - name: Get Secrets - id: get-secrets - env: - SECRETS_KEY: ${{ secrets.SECRETS_KEY }} - run: | - SECRETS_KEY_FILE=$(mktemp /tmp/output.XXXXXXXXXX) - echo "$SECRETS_KEY" > "$SECRETS_KEY_FILE" - aws --region us-west-2 secretsmanager get-secret-value --secret-id /cmbu-saltstack/signing/repo-signing-keys-sha256-2023 \ - --query SecretString --output text | jq .default_key -r | base64 -d \ - | gpg --passphrase-file "${SECRETS_KEY_FILE}" -d - \ - | gpg --import - - sync - aws --region us-west-2 secretsmanager get-secret-value --secret-id /cmbu-saltstack/signing/repo-signing-keys-sha256-2023 \ - --query SecretString --output text| jq .default_passphrase -r | base64 -d \ - | gpg --passphrase-file "${SECRETS_KEY_FILE}" -o "${GNUPGHOME}/passphrase" -d - - sync - rm "$SECRETS_KEY_FILE" - echo "passphrase-file ${GNUPGHOME}/passphrase" >> "${GNUPGHOME}/gpg.conf" + ## - name: Setup GnuPG + ## run: | + ## sudo install -d -m 0700 -o "$(id -u)" -g "$(id -g)" /run/gpg + ## GNUPGHOME="$(mktemp -d -p /run/gpg)" + ## echo "GNUPGHOME=${GNUPGHOME}" >> "$GITHUB_ENV" + ## cat < "${GNUPGHOME}/gpg.conf" + ## batch + ## no-tty + ## pinentry-mode loopback + ## EOF + + ## - name: Get Secrets + ## id: get-secrets + ## env: + ## SECRETS_KEY: ${{ secrets.SECRETS_KEY }} + ## run: | + ## SECRETS_KEY_FILE=$(mktemp /tmp/output.XXXXXXXXXX) + ## echo "$SECRETS_KEY" > "$SECRETS_KEY_FILE" + ## aws --region us-west-2 secretsmanager get-secret-value --secret-id /cmbu-saltstack/signing/repo-signing-keys-sha256-2023 \ + ## --query SecretString --output text | jq .default_key -r | base64 -d \ + ## | gpg --passphrase-file "${SECRETS_KEY_FILE}" -d - \ + ## | gpg --import - + ## sync + ## aws --region us-west-2 secretsmanager get-secret-value --secret-id /cmbu-saltstack/signing/repo-signing-keys-sha256-2023 \ + ## --query SecretString --output text| jq .default_passphrase -r | base64 -d \ + ## | gpg --passphrase-file "${SECRETS_KEY_FILE}" -o "${GNUPGHOME}/passphrase" -d - + ## sync + ## rm "$SECRETS_KEY_FILE" + ## echo "passphrase-file ${GNUPGHOME}/passphrase" >> "${GNUPGHOME}/gpg.conf" - name: Configure Git shell: bash @@ -202,8 +205,9 @@ jobs: git config --global --add safe.directory "$(pwd)" git config --global user.name "Salt Project Packaging" git config --global user.email saltproject-packaging@vmware.com - git config --global user.signingkey 64CBBC8173D76B3F - git config --global commit.gpgsign true + git config --global commit.gpgsign false + ## git config --global user.signingkey 64CBBC8173D76B3F + ## git config --global commit.gpgsign true - name: Download Release Details uses: actions/download-artifact@v4 @@ -227,7 +231,7 @@ jobs: - name: Tag The ${{ needs.update-develop.outputs.release-version }} Release run: | - git tag -m "Release ${{ needs.update-develop.outputs.release-version }}" -as ${{ needs.update-develop.outputs.release-version }} + git tag --no-sign -m "Release ${{ needs.update-develop.outputs.release-version }}" -a ${{ needs.update-develop.outputs.release-version }} - name: Update bootstrap-salt.sh sha256sum's run: | @@ -247,8 +251,9 @@ jobs: publish-release: name: Create GitHub Release runs-on: - - self-hosted - - linux + - ubuntu-latest + ## - self-hosted + ## - linux needs: - merge-develop-into-stable environment: release @@ -294,73 +299,75 @@ jobs: name: release-details failOnError: false - update-s3-bucket: - name: Update S3 Bucket - runs-on: - - self-hosted - - linux - - repo-release - needs: - - publish-release - environment: release - - steps: - - uses: actions/checkout@v4 - with: - ref: stable - repository: ${{ github.repository }} - ssh-key: ${{ secrets.SALT_BOOTSTRAP_RELEASE_KEY }} - - - name: Get Salt Project GitHub Actions Bot Environment - run: | - TOKEN=$(curl -sS -f -X PUT "http://169.254.169.254/latest/api/token" -H "X-aws-ec2-metadata-token-ttl-seconds: 30") - SPB_ENVIRONMENT=$(curl -sS -f -H "X-aws-ec2-metadata-token: $TOKEN" http://169.254.169.254/latest/meta-data/tags/instance/spb:environment) - echo "SPB_ENVIRONMENT=$SPB_ENVIRONMENT" >> "$GITHUB_ENV" - - - name: Setup GnuPG - run: | - sudo install -d -m 0700 -o "$(id -u)" -g "$(id -g)" /run/gpg - GNUPGHOME="$(mktemp -d -p /run/gpg)" - echo "GNUPGHOME=${GNUPGHOME}" >> "$GITHUB_ENV" - cat < "${GNUPGHOME}/gpg.conf" - batch - no-tty - pinentry-mode loopback - EOF - - - name: Get Secrets - id: get-secrets - env: - SECRETS_KEY: ${{ secrets.SECRETS_KEY }} - run: | - SECRETS_KEY_FILE=$(mktemp /tmp/output.XXXXXXXXXX) - echo "$SECRETS_KEY" > "$SECRETS_KEY_FILE" - aws --region us-west-2 secretsmanager get-secret-value --secret-id /cmbu-saltstack/signing/repo-signing-keys-sha256-2023 \ - --query SecretString --output text | jq .default_key -r | base64 -d \ - | gpg --passphrase-file "${SECRETS_KEY_FILE}" -d - \ - | gpg --import - - sync - aws --region us-west-2 secretsmanager get-secret-value --secret-id /cmbu-saltstack/signing/repo-signing-keys-sha256-2023 \ - --query SecretString --output text| jq .default_passphrase -r | base64 -d \ - | gpg --passphrase-file "${SECRETS_KEY_FILE}" -o "${GNUPGHOME}/passphrase" -d - - sync - rm "$SECRETS_KEY_FILE" - echo "passphrase-file ${GNUPGHOME}/passphrase" >> "${GNUPGHOME}/gpg.conf" - - - name: Install Requirements - run: | - python3 -m pip install -r requirements/release.txt - - - name: Upload Stable Release to S3 - run: | - tools release s3-publish --key-id 64CBBC8173D76B3F stable + ## update-s3-bucket: + ## name: Update S3 Bucket + ## runs-on: + ## - ubuntu-latest + ## ## - self-hosted + ## ## - linux + ## ## - repo-release + ## needs: + ## - publish-release + ## environment: release + + ## steps: + ## - uses: actions/checkout@v4 + ## with: + ## ref: stable + ## repository: ${{ github.repository }} + ## ssh-key: ${{ secrets.SALT_BOOTSTRAP_RELEASE_KEY }} + + ## - name: Get Salt Project GitHub Actions Bot Environment + ## run: | + ## TOKEN=$(curl -sS -f -X PUT "http://169.254.169.254/latest/api/token" -H "X-aws-ec2-metadata-token-ttl-seconds: 30") + ## SPB_ENVIRONMENT=$(curl -sS -f -H "X-aws-ec2-metadata-token: $TOKEN" http://169.254.169.254/latest/meta-data/tags/instance/spb:environment) + ## echo "SPB_ENVIRONMENT=$SPB_ENVIRONMENT" >> "$GITHUB_ENV" + + ## ## - name: Setup GnuPG + ## ## run: | + ## ## sudo install -d -m 0700 -o "$(id -u)" -g "$(id -g)" /run/gpg + ## ## GNUPGHOME="$(mktemp -d -p /run/gpg)" + ## ## echo "GNUPGHOME=${GNUPGHOME}" >> "$GITHUB_ENV" + ## ## cat < "${GNUPGHOME}/gpg.conf" + ## ## batch + ## ## no-tty + ## ## pinentry-mode loopback + ## ## EOF + + ## ## - name: Get Secrets + ## ## id: get-secrets + ## ## env: + ## ## SECRETS_KEY: ${{ secrets.SECRETS_KEY }} + ## ## run: | + ## ## SECRETS_KEY_FILE=$(mktemp /tmp/output.XXXXXXXXXX) + ## ## echo "$SECRETS_KEY" > "$SECRETS_KEY_FILE" + ## ## aws --region us-west-2 secretsmanager get-secret-value --secret-id /cmbu-saltstack/signing/repo-signing-keys-sha256-2023 \ + ## ## --query SecretString --output text | jq .default_key -r | base64 -d \ + ## ## | gpg --passphrase-file "${SECRETS_KEY_FILE}" -d - \ + ## ## | gpg --import - + ## ## sync + ## ## aws --region us-west-2 secretsmanager get-secret-value --secret-id /cmbu-saltstack/signing/repo-signing-keys-sha256-2023 \ + ## ## --query SecretString --output text| jq .default_passphrase -r | base64 -d \ + ## ## | gpg --passphrase-file "${SECRETS_KEY_FILE}" -o "${GNUPGHOME}/passphrase" -d - + ## ## sync + ## ## rm "$SECRETS_KEY_FILE" + ## ## echo "passphrase-file ${GNUPGHOME}/passphrase" >> "${GNUPGHOME}/gpg.conf" + + ## ## - name: Install Requirements + ## ## run: | + ## ## python3 -m pip install -r requirements/release.txt + + ## ## - name: Upload Stable Release to S3 + ## ## run: | + ## ## tools release s3-publish --key-id 64CBBC8173D76B3F stable update-develop-checksums: name: Update Release Checksums on Develop runs-on: - - self-hosted - - linux - - repo-release + - ubuntu-latest + ## - self-hosted + ## - linux + ## - repo-release needs: - publish-release environment: release @@ -386,35 +393,35 @@ jobs: repository: ${{ github.repository }} ssh-key: ${{ secrets.SALT_BOOTSTRAP_RELEASE_KEY }} - - name: Setup GnuPG - run: | - sudo install -d -m 0700 -o "$(id -u)" -g "$(id -g)" /run/gpg - GNUPGHOME="$(mktemp -d -p /run/gpg)" - echo "GNUPGHOME=${GNUPGHOME}" >> "$GITHUB_ENV" - cat < "${GNUPGHOME}/gpg.conf" - batch - no-tty - pinentry-mode loopback - EOF - - - name: Get Secrets - id: get-secrets - env: - SECRETS_KEY: ${{ secrets.SECRETS_KEY }} - run: | - SECRETS_KEY_FILE=$(mktemp /tmp/output.XXXXXXXXXX) - echo "$SECRETS_KEY" > "$SECRETS_KEY_FILE" - aws --region us-west-2 secretsmanager get-secret-value --secret-id /cmbu-saltstack/signing/repo-signing-keys-sha256-2023 \ - --query SecretString --output text | jq .default_key -r | base64 -d \ - | gpg --passphrase-file "${SECRETS_KEY_FILE}" -d - \ - | gpg --import - - sync - aws --region us-west-2 secretsmanager get-secret-value --secret-id /cmbu-saltstack/signing/repo-signing-keys-sha256-2023 \ - --query SecretString --output text| jq .default_passphrase -r | base64 -d \ - | gpg --passphrase-file "${SECRETS_KEY_FILE}" -o "${GNUPGHOME}/passphrase" -d - - sync - rm "$SECRETS_KEY_FILE" - echo "passphrase-file ${GNUPGHOME}/passphrase" >> "${GNUPGHOME}/gpg.conf" + ## - name: Setup GnuPG + ## run: | + ## sudo install -d -m 0700 -o "$(id -u)" -g "$(id -g)" /run/gpg + ## GNUPGHOME="$(mktemp -d -p /run/gpg)" + ## echo "GNUPGHOME=${GNUPGHOME}" >> "$GITHUB_ENV" + ## cat < "${GNUPGHOME}/gpg.conf" + ## batch + ## no-tty + ## pinentry-mode loopback + ## EOF + + ## - name: Get Secrets + ## id: get-secrets + ## env: + ## SECRETS_KEY: ${{ secrets.SECRETS_KEY }} + ## run: | + ## SECRETS_KEY_FILE=$(mktemp /tmp/output.XXXXXXXXXX) + ## echo "$SECRETS_KEY" > "$SECRETS_KEY_FILE" + ## aws --region us-west-2 secretsmanager get-secret-value --secret-id /cmbu-saltstack/signing/repo-signing-keys-sha256-2023 \ + ## --query SecretString --output text | jq .default_key -r | base64 -d \ + ## | gpg --passphrase-file "${SECRETS_KEY_FILE}" -d - \ + ## | gpg --import - + ## sync + ## aws --region us-west-2 secretsmanager get-secret-value --secret-id /cmbu-saltstack/signing/repo-signing-keys-sha256-2023 \ + ## --query SecretString --output text| jq .default_passphrase -r | base64 -d \ + ## | gpg --passphrase-file "${SECRETS_KEY_FILE}" -o "${GNUPGHOME}/passphrase" -d - + ## sync + ## rm "$SECRETS_KEY_FILE" + ## echo "passphrase-file ${GNUPGHOME}/passphrase" >> "${GNUPGHOME}/gpg.conf" - name: Configure Git shell: bash @@ -422,8 +429,9 @@ jobs: git config --global --add safe.directory "$(pwd)" git config --global user.name "Salt Project Packaging" git config --global user.email saltproject-packaging@vmware.com - git config --global user.signingkey 64CBBC8173D76B3F - git config --global commit.gpgsign true + git config --global commit.gpgsign false + ## git config --global user.signingkey 64CBBC8173D76B3F + ## git config --global commit.gpgsign true - name: Update Latest Release on README run: | diff --git a/.github/workflows/templates/ci.yml b/.github/workflows/templates/ci.yml index e9c6be7b9..c3c029c98 100644 --- a/.github/workflows/templates/ci.yml +++ b/.github/workflows/templates/ci.yml @@ -27,8 +27,6 @@ jobs: separator: "," files: | bootstrap-salt.* - Gemfile - kitchen*.yml tests/** .github/workflows/** files_ignore: | diff --git a/.github/workflows/templates/generate.py b/.github/workflows/templates/generate.py index 0fb618158..537d1da5e 100755 --- a/.github/workflows/templates/generate.py +++ b/.github/workflows/templates/generate.py @@ -6,20 +6,15 @@ os.chdir(os.path.abspath(os.path.dirname(__file__))) -## "amazon-2023", -## "opensuse-tumbleweed", LINUX_DISTROS = [ "almalinux-8", "almalinux-9", "amazon-2", - "arch", "centos-stream9", "debian-11", "debian-12", "fedora-39", "fedora-40", - "gentoo", - "gentoo-systemd", "opensuse-15", "oraclelinux-8", "oraclelinux-9", @@ -31,8 +26,8 @@ "ubuntu-2204", "ubuntu-2404", ] + WINDOWS = [ - "windows-2019", "windows-2022", ] @@ -41,14 +36,10 @@ "macos-13", ] - -## "amazon-2023", -## "opensuse-tumbleweed", STABLE_DISTROS = [ "almalinux-8", "almalinux-9", "amazon-2", - "arch", "centos-stream9", "debian-11", "debian-12", @@ -66,7 +57,6 @@ "ubuntu-2404", ] -## "amazon-2023", ONEDIR_DISTROS = [ "almalinux-8", "almalinux-9", @@ -99,40 +89,27 @@ "ubuntu-2404", ] -## "opensuse-tumbleweed", BLACKLIST_3006 = [ - "arch", "debian-12", "fedora-40", - "gentoo", - "gentoo-systemd", "opensuse-15", "ubuntu-2404", ] -## "opensuse-tumbleweed", BLACKLIST_3007 = [ - "arch", "fedora-39", - "gentoo", - "gentoo-systemd", "opensuse-15", "photon-4", "photon-5", ] -## "amazon-2023", -## "opensuse-tumbleweed", BLACKLIST_GIT_3006 = [ "almalinux-9", "amazon-2", - "arch", "centos-stream9", "debian-11", "debian-12", "fedora-40", - "gentoo", - "gentoo-systemd", "opensuse-15", "oraclelinux-9", "photon-4", @@ -143,19 +120,14 @@ "ubuntu-2404", ] -## "amazon-2023", -## "opensuse-tumbleweed", BLACKLIST_GIT_3007 = [ "almalinux-9", "amazon-2", - "arch", "centos-stream9", "debian-11", "debian-12", "fedora-39", "fedora-40", - "gentoo", - "gentoo-systemd", "opensuse-15", "oraclelinux-9", "photon-4", @@ -234,25 +206,17 @@ "rockylinux-8", ] -LATEST_PKG_BLACKLIST = [ - "gentoo", - "gentoo-systemd", -] +LATEST_PKG_BLACKLIST = [] -## "amazon-2023": "Amazon 2023", -## "opensuse-tumbleweed": "Opensuse Tumbleweed", DISTRO_DISPLAY_NAMES = { "almalinux-8": "AlmaLinux 8", "almalinux-9": "AlmaLinux 9", "amazon-2": "Amazon 2", - "arch": "Arch", "centos-stream9": "CentOS Stream 9", "debian-11": "Debian 11", "debian-12": "Debian 12", "fedora-39": "Fedora 39", "fedora-40": "Fedora 40", - "gentoo": "Gentoo", - "gentoo-systemd": "Gentoo (systemd)", "opensuse-15": "Opensuse 15", "oraclelinux-8": "Oracle Linux 8", "oraclelinux-9": "Oracle Linux 9", @@ -265,19 +229,12 @@ "ubuntu-2404": "Ubuntu 24.04", "macos-12": "macOS 12", "macos-13": "macOS 13", - "windows-2019": "Windows 2019", "windows-2022": "Windows 2022", } TIMEOUT_DEFAULT = 20 -TIMEOUT_OVERRIDES = { - "gentoo": 90, - "gentoo-systemd": 90, -} -VERSION_ONLY_OVERRIDES = [ - "gentoo", - "gentoo-systemd", -] +TIMEOUT_OVERRIDES = {} +VERSION_ONLY_OVERRIDES = [] TEMPLATE = """ {distro}: diff --git a/.github/workflows/test-linux.yml b/.github/workflows/test-linux.yml index c15a5bc30..d31ef758f 100644 --- a/.github/workflows/test-linux.yml +++ b/.github/workflows/test-linux.yml @@ -26,7 +26,11 @@ on: jobs: Test: name: ${{ matrix.instance }} - runs-on: ubuntu-20.04 + ## runs-on: ubuntu-20.04 + runs-on: ubuntu-latest + container: + image: ghcr.io/saltstack/salt-ci-containers/packaging:ubuntu-22.04 + timeout-minutes: ${{ inputs.timeout }} strategy: max-parallel: 2 @@ -37,39 +41,18 @@ jobs: steps: - uses: actions/checkout@v4 - - name: Setup Ruby - uses: ruby/setup-ruby@v1 - with: - ruby-version: 2.6.10 - ## ruby-version: 3.3.4 - bundler-cache: true - - - name: Set up Python 3.10 - uses: actions/setup-python@v5 - with: - python-version: "3.10" - - - name: Install Python Dependencies + - name: Install Pytest run: | - python3 -m pip install -U pip - python3 -m pip install -r tests/requirements.txt + pip install -U pytest - - name: Create Test Instance - run: | - bundle exec kitchen create ${{ matrix.instance }}-${{ inputs.distro-slug }} || \ - (sleep 10 && bundle exec kitchen create ${{ matrix.instance }}-${{ inputs.distro-slug }}) - sleep 2 - - - name: Test Bootstrap - run: | - bundle exec kitchen verify ${{ matrix.instance }}-${{ inputs.distro-slug }} - sleep 2 + ## TBD Disabled until CI/CD is functional + ## - name: Bootstrap Salt + ## run: | + ## sh -x ./bootstrap-salt.sh - - name: Destroy Test Instance - if: always() - run: | - bundle exec kitchen destroy ${{ matrix.instance }}-${{ inputs.distro-slug }} - sleep 2 + ## - name: Test Bootstrap + ## run: | + ## pytest --cache-clear -v -s -ra --log-cli-level=debug tests/integration/ - name: Set Exit Status if: always() diff --git a/.github/workflows/test-macos.yml b/.github/workflows/test-macos.yml index ccabff32a..504f8b3e7 100644 --- a/.github/workflows/test-macos.yml +++ b/.github/workflows/test-macos.yml @@ -28,13 +28,11 @@ on: default: 20 description: The timeout(in minutes) for the workflow -env: - KITCHEN_LOCAL_YAML: 'kitchen.macos.yml' - jobs: Test: name: ${{ matrix.instance }} - runs-on: ${{ inputs.runs-on }} + ## runs-on: ${{ inputs.runs-on }} + runs-on: macos-13 timeout-minutes: ${{ inputs.timeout }} strategy: fail-fast: false @@ -44,39 +42,18 @@ jobs: steps: - uses: actions/checkout@v4 - - name: Setup Ruby - uses: ruby/setup-ruby@v1 - with: - ruby-version: 2.6.10 - ## ruby-version: 3.3.4 - bundler-cache: true - - - name: Set up Python 3.10 - uses: actions/setup-python@v5 - with: - python-version: "3.10" - - - name: Install Python Dependencies + - name: Install Pytest run: | - pip install -U pip - pip install -r tests/requirements.txt + pip install -U pytest - - name: Create Test Instance + - name: Bootstrap Salt run: | - bundle exec kitchen create ${{ matrix.instance }}-${{ inputs.distro-slug }} || \ - (sleep 10 && bundle exec kitchen create ${{ matrix.instance }}-${{ inputs.distro-slug }}) - sleep 2 + sudo sh -x ./bootstrap-salt.sh - - name: Test Bootstrap - run: | - bundle exec kitchen verify ${{ matrix.instance }}-${{ inputs.distro-slug }} - sleep 2 - - - name: Destroy Test Instance - if: always() - run: | - bundle exec kitchen destroy ${{ matrix.instance }}-${{ inputs.distro-slug }} - sleep 2 + ## TBD Disabled until CI/CD is functional + ## - name: Test Bootstrap + ## run: | + ## pytest --cache-clear -v -s -ra --log-cli-level=debug tests/integration/ - name: Set Exit Status if: always() diff --git a/.github/workflows/test-windows.yml b/.github/workflows/test-windows.yml index 25d300ce8..e4d4dde34 100644 --- a/.github/workflows/test-windows.yml +++ b/.github/workflows/test-windows.yml @@ -28,16 +28,10 @@ on: default: 20 description: The timeout(in minutes) for the workflow -env: - machine_user: kitchen - machine_pass: Password1 - machine_port: 5985 - KITCHEN_LOCAL_YAML: 'kitchen.windows.yml' - jobs: Test: name: ${{ matrix.instance }} - runs-on: ${{ inputs.runs-on }} + runs-on: windows-latest timeout-minutes: ${{ inputs.timeout }} strategy: fail-fast: false @@ -47,65 +41,34 @@ jobs: steps: - uses: actions/checkout@v4 - - name: Setup Ruby - uses: ruby/setup-ruby@v1 - with: - ruby-version: 2.6.10 - ## ruby-version: 3.3.4 - bundler-cache: true - - - name: Install Chef - uses: actionshub/chef-install@1.1.0 - with: - project: chef - version: 16.10.8 - - - name: Add Chef bindir to PATH - uses: myci-actions/export-env-var-powershell@1 - with: - name: PATH - value: "C:\\opscode\\chef\\bin;C:\\opscode\\chef\\embedded\\bin;$env:PATH" - - - name: Setup test user - run: | - $password = ConvertTo-SecureString $env:machine_pass -AsPlainText -Force - New-LocalUser $env:machine_user -Password $password - Add-LocalGroupMember -Group "Administrators" -Member $env:machine_user - Get-LocalUser - Get-LocalGroupMember -Group "Administrators" - - - name: Set up WinRM - run: | - Set-WSManQuickConfig -Force - winrm set winrm/config/service '@{AllowUnencrypted="True"}' - env - - name: Set up Python 3.10 uses: actions/setup-python@v5 with: python-version: "3.10" - - name: Install Python Dependencies + - name: Install Pytest run: | - pip install -U pip - pip install -r tests/requirements.txt + pip install -r tests\requirements.txt - - name: Create Test Instance + - name: Get Version run: | - bundle exec kitchen create ${{ matrix.instance }}-${{ inputs.distro-slug }} - sleep 2 - - - name: Test Bootstrap + # We need to get the version here and make it an environment variable + # It is used to install via bootstrap and in the test + # The version is in the instance name + $instance = "${{ matrix.instance }}" + $version = $instance -split "-",2 + if ( $version.Count -gt 1 ) { + $version = $version[1].Replace("-", ".") + } + Write-Output "SaltVersion=$version" | Out-File -FilePath $env:GITHUB_ENV -Encoding utf8 -Append + + - name: Bootstrap Salt run: | - env - bundle exec kitchen verify ${{ matrix.instance }}-${{ inputs.distro-slug }} - sleep 2 + . .\bootstrap-salt.ps1 -RunService $false -Version $env:SaltVersion - - name: Destroy Test Instance - if: always() + - name: Test Bootstrap run: | - bundle exec kitchen destroy ${{ matrix.instance }}-${{ inputs.distro-slug }} - sleep 2 + pytest --cache-clear -v -s -ra --log-cli-level=debug tests/integration/ - name: Set Exit Status if: always() diff --git a/.gitignore b/.gitignore index 9b7ebc0b0..f21787dbe 100644 --- a/.gitignore +++ b/.gitignore @@ -2,14 +2,9 @@ *.sw? *.un~ .vagrant +*__pycache__ tools venv # Pycharm .idea - -# test-kitchen -.kitchen.local.yml -kitchen.local.yml -.kitchen/ -.bundle/ diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index 9fb6a2607..85e4d1787 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml @@ -37,13 +37,6 @@ repos: args: - requirements/release.in -## DGM - repo: https://github.com/asottile/pyupgrade -## DGM rev: v3.15.0 -## DGM hooks: -## DGM - id: pyupgrade -## DGM name: Rewrite Code to be Py3.10+ -## DGM args: [--py310-plus] - - repo: https://github.com/asottile/pyupgrade rev: v3.15.0 hooks: @@ -58,7 +51,7 @@ repos: args: [--py310-plus] - repo: https://github.com/psf/black - rev: 24.1.0 + rev: 24.10.0 hooks: - id: black args: [] diff --git a/CHANGELOG.md b/CHANGELOG.md index 33ee81d93..725022f71 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,3 +1,30 @@ +# v2024.11.07 + +## What's Changed + +- Changed release runners and shell script date by @dmurphy18 in https://github.com/saltstack/salt-bootstrap/pull/2035 +- Forcing git tag to not sign by @dmurphy18 in https://github.com/saltstack/salt-bootstrap/pull/2036 +- Fixing git tag signing issue by @dmurphy18 in https://github.com/saltstack/salt-bootstrap/pull/2037 + +**Full Changelog**: https://github.com/saltstack/salt-bootstrap/compare/v2024.11.06...v2024.11.07 + +# v2024.11.07 + +## What's Changed + +- Changed release runners and shell script date by @dmurphy18 in https://github.com/saltstack/salt-bootstrap/pull/2035 +- Forcing git tag to not sign by @dmurphy18 in https://github.com/saltstack/salt-bootstrap/pull/2036 + +**Full Changelog**: https://github.com/saltstack/salt-bootstrap/compare/v2024.11.06...v2024.11.07 + +# v2024.11.07 + +## What's Changed + +- Changed release runners and shell script date by @dmurphy18 in https://github.com/saltstack/salt-bootstrap/pull/2035 + +**Full Changelog**: https://github.com/saltstack/salt-bootstrap/compare/v2024.11.06...v2024.11.07 + # v2024.09.24 ## What's Changed diff --git a/Gemfile b/Gemfile deleted file mode 100644 index a70a9da93..000000000 --- a/Gemfile +++ /dev/null @@ -1,11 +0,0 @@ -# frozen_string_literal: true - -source "https://rubygems.org" - -gem 'test-kitchen', '>= 3.2.2' -gem 'kitchen-salt', '>= 0.7.2' -gem 'kitchen-docker', :git => 'https://github.com/test-kitchen/kitchen-docker.git', :branch => 'main' - -group :vagrant do - gem 'kitchen-vagrant' -end diff --git a/README.rst b/README.rst index 1f1687f83..aa7609d33 100644 --- a/README.rst +++ b/README.rst @@ -37,6 +37,7 @@ sum** of the downloaded ``bootstrap-salt.sh`` file. The SHA256 sum of the ``bootstrap-salt.sh`` file, per release, is: +- 2024.09.24: ``88e4e4cad4b115a7b721dd9c21d5ee5df390b5b73b63de48f99399146f43f371`` - 2024.07.23: ``7212b6b497b5c3d2bf15bfe5301625ec7bc1bf3e2949cd47d8e2073614935bf8`` - 2024.07.18: ``92a74e7ff8a9032a7713c2b3955991d66aaca08a4eb9494ce3dd66b5044f6bc3`` - 2024.07.16: ``4f76d1549c71d696a605f97645d8633b6269c4d9ae54b1fbdfedca1dcf893e7a`` diff --git a/Vagrantfile b/Vagrantfile deleted file mode 100644 index 4a8a57f57..000000000 --- a/Vagrantfile +++ /dev/null @@ -1,119 +0,0 @@ -# -*- mode: ruby -*- -# vi: set ft=ruby : - -# Vagrantfile API/syntax version. Don't touch unless you know what you're doing! -VAGRANTFILE_API_VERSION = "2" - -Vagrant.configure(VAGRANTFILE_API_VERSION) do |config| - # All Vagrant configuration is done here. The most common configuration - # options are documented and commented below. For a complete reference, - # please see the online documentation at vagrantup.com. - - # Every Vagrant virtual environment requires a box to build off of. - config.vm.box = "ubuntu/focal64" - - # The url from where the 'config.vm.box' box will be fetched if it - # doesn't already exist on the user's system. - # config.vm.box_url = "http://domain.com/path/to/above.box" - - # Create a forwarded port mapping which allows access to a specific port - # within the machine from a port on the host machine. In the example below, - # accessing "localhost:8080" will access port 80 on the guest machine. - # config.vm.network :forwarded_port, guest: 80, host: 8080 - - # Create a private network, which allows host-only access to the machine - # using a specific IP. - # config.vm.network :private_network, ip: "192.168.33.10" - - # Create a public network, which generally matched to bridged network. - # Bridged networks make the machine appear as another physical device on - # your network. - # config.vm.network :public_network - - # If true, then any SSH connections made will enable agent forwarding. - # Default value: false - # config.ssh.forward_agent = true - - # Share an additional folder to the guest VM. The first argument is - # the path on the host to the actual folder. The second argument is - # the path on the guest to mount the folder. And the optional third - # argument is a set of non-required options. - config.vm.synced_folder ".", "/salt_bootstrap" - - config.vm.provision "shell", path: "bootstrap-salt.sh" - # Provider-specific configuration so you can fine-tune various - # backing providers for Vagrant. These expose provider-specific options. - # Example for VirtualBox: - # - # config.vm.provider :virtualbox do |vb| - # # Don't boot with headless mode - # vb.gui = true - # - # # Use VBoxManage to customize the VM. For example to change memory: - # vb.customize ["modifyvm", :id, "--memory", "1024"] - # end - # - # View the documentation for the provider you're using for more - # information on available options. - - # Enable provisioning with Puppet stand alone. Puppet manifests - # are contained in a directory path relative to this Vagrantfile. - # You will need to create the manifests directory and a manifest in - # the file precise64.pp in the manifests_path directory. - # - # An example Puppet manifest to provision the message of the day: - # - # # group { "puppet": - # # ensure => "present", - # # } - # # - # # File { owner => 0, group => 0, mode => 0644 } - # # - # # file { '/etc/motd': - # # content => "Welcome to your Vagrant-built virtual machine! - # # Managed by Puppet.\n" - # # } - # - # config.vm.provision :puppet do |puppet| - # puppet.manifests_path = "manifests" - # puppet.manifest_file = "site.pp" - # end - - # Enable provisioning with chef solo, specifying a cookbooks path, roles - # path, and data_bags path (all relative to this Vagrantfile), and adding - # some recipes and/or roles. - # - # config.vm.provision :chef_solo do |chef| - # chef.cookbooks_path = "../my-recipes/cookbooks" - # chef.roles_path = "../my-recipes/roles" - # chef.data_bags_path = "../my-recipes/data_bags" - # chef.add_recipe "mysql" - # chef.add_role "web" - # - # # You may also specify custom JSON attributes: - # chef.json = { :mysql_password => "foo" } - # end - - # Enable provisioning with chef server, specifying the chef server URL, - # and the path to the validation key (relative to this Vagrantfile). - # - # The Opscode Platform uses HTTPS. Substitute your organization for - # ORGNAME in the URL and validation key. - # - # If you have your own Chef Server, use the appropriate URL, which may be - # HTTP instead of HTTPS depending on your configuration. Also change the - # validation key to validation.pem. - # - # config.vm.provision :chef_client do |chef| - # chef.chef_server_url = "https://api.opscode.com/organizations/ORGNAME" - # chef.validation_key_path = "ORGNAME-validator.pem" - # end - # - # If you're using the Opscode platform, your validator client is - # ORGNAME-validator, replacing ORGNAME with your organization name. - # - # If you have your own Chef Server, the default validation client name is - # chef-validator, unless you changed the configuration. - # - # chef.validation_client_name = "ORGNAME-validator" -end diff --git a/bootstrap-salt.ps1 b/bootstrap-salt.ps1 index eccbb3526..85223d371 100644 --- a/bootstrap-salt.ps1 +++ b/bootstrap-salt.ps1 @@ -18,7 +18,7 @@ Specifies a particular version of the installer. .EXAMPLE - ./bootstrap-salt.ps1 -RunService false + ./bootstrap-salt.ps1 -RunService $false Specifies the salt-minion service to stop and be set to manual. Useful for testing locally from the command line with the --local switch @@ -28,7 +28,7 @@ installer values of host name for the minion id and "salt" for the master. .EXAMPLE - ./bootstrap-salt.ps1 -Minion minion-box -Master master-box -Version 3006.7 -RunService false + ./bootstrap-salt.ps1 -Minion minion-box -Master master-box -Version 3006.7 -RunService $false Specifies all the optional parameters in no particular order. .NOTES @@ -56,12 +56,11 @@ param( [String]$Version = "latest", [Parameter(Mandatory=$false, ValueFromPipeline=$True)] - [ValidateSet("true","false")] [Alias("s")] - # Boolean flag to start or stop the minion service. True will start the - # minion service. False will stop the minion service and set it to "manual". + # Boolean flag to start or stop the minion service. $true will start the + # minion service. $false will stop the minion service and set it to "manual". # The installer starts it by default. - [String]$RunService = "true", + [Bool]$RunService = $true, [Parameter(Mandatory=$false, ValueFromPipeline=$True)] [Alias("m")] @@ -76,12 +75,11 @@ param( [Parameter(Mandatory=$false, ValueFromPipeline=$True)] [Alias("r")] - # URL to the windows packages. Will look for a file named repo.json at the - # root of the URL. This file is used to determine the name and location of - # the installer in the repo. If repo.json is not found, it will look for the - # file under the minor directory. - # Default is "https://repo.saltproject.io/salt/py3/windows" - [String]$RepoUrl = "https://repo.saltproject.io/salt/py3/windows", + # URL to the windows packages. Will look for the installer at the root of + # the URL/Version. Place a folder for each version of Salt in this directory + # and place the installer binary for each version in its folder. + # Default is "https://packages.broadcom.com/artifactory/saltproject-generic/windows/" + [String]$RepoUrl = "https://packages.broadcom.com/artifactory/saltproject-generic/windows/", [Parameter(Mandatory=$false, ValueFromPipeline=$True)] [Alias("c")] @@ -110,7 +108,7 @@ if ($help) { exit 0 } -$__ScriptVersion = "2024.09.24" +$__ScriptVersion = "2024.11.07" $ScriptName = $myInvocation.MyCommand.Name # We'll check for the Version next, because it also has no requirements @@ -301,16 +299,29 @@ if (!(Get-IsAdministrator)) { } #=============================================================================== -# Change RepoUrl for older versions +# Check for older versions #=============================================================================== -$defaultUrl = "https://repo.saltproject.io/salt/py3/windows" -$oldRepoUrl = "https://repo.saltproject.io/windows" $majorVersion = Get-MajorVersion -Version $Version -if ( [Uri]($RepoUrl).AbsoluteUri -eq $defaultUrl ) { - # No customURL passed, let's check for a pre 3006 version - if ($majorVersion -lt "3006") { - # This is an older version, use the old URL - $RepoUrl = $oldRepoUrl +if ($majorVersion -lt "3006") { + # This is an older version, use the old URL + Write-Host "Versions older than 3006 are not available" -ForegroundColor Red + exit 1 +} + +#=============================================================================== +# Declare variables +#=============================================================================== +$ConfDir = "$RootDir\conf" +$PkiDir = "$ConfDir\pki\minion" +$RootDir = "$env:ProgramData\Salt Project\Salt" +$DfltUrl = "https://packages.broadcom.com/artifactory/saltproject-generic/windows/" +$ApiUrl = "https://packages.broadcom.com/artifactory/api/storage/saltproject-generic/windows" + +# Check for existing installation where RootDir is stored in the registry +$SaltRegKey = "HKLM:\SOFTWARE\Salt Project\Salt" +if (Test-Path -Path $SaltRegKey) { + if ($null -ne (Get-ItemProperty $SaltRegKey).root_dir) { + $RootDir = (Get-ItemProperty $SaltRegKey).root_dir } } @@ -325,48 +336,24 @@ Write-Verbose "runservice: $RunService" Write-Verbose "master: $Master" Write-Verbose "minion: $Minion" Write-Verbose "repourl: $RepoUrl" +Write-Verbose "apiurl: $ApiUrl" +Write-Verbose "ConfDir: $ConfDir" +Write-Verbose "RootDir: $RootDir" -if ($RunService.ToLower() -eq "true") { +if ($RunService) { Write-Verbose "Windows service will be set to run" [bool]$RunService = $True -} elseif ($RunService.ToLower() -eq "false") { +} else { Write-Verbose "Windows service will be stopped and set to manual" [bool]$RunService = $False -} else { - # Param passed in wasn't clear so defaulting to true. - Write-Verbose "Windows service defaulting to run automatically" - [bool]$RunService = $True } #=============================================================================== -# Ensure Directories are present, copy Vagrant Configs if found +# Copy Vagrant Files to their proper location. #=============================================================================== $ConfiguredAnything = $False -# Detect older version of Salt to determing default RootDir -if ($majorVersion -lt 3004) { - $RootDir = "$env:SystemDrive`:\salt" -} else { - $RootDir = "$env:ProgramData\Salt Project\Salt" -} - -# Check for existing installation where RootDir is stored in the registry -$SaltRegKey = "HKLM:\SOFTWARE\Salt Project\Salt" -if (Test-Path -Path $SaltRegKey) { - if ($null -ne (Get-ItemProperty $SaltRegKey).root_dir) { - $RootDir = (Get-ItemProperty $SaltRegKey).root_dir - } -} - -$ConfDir = "$RootDir\conf" -$PkiDir = "$ConfDir\pki\minion" -Write-Verbose "ConfDir: $ConfDir" - -#=============================================================================== -# Copy Vagrant Files to their proper location. -#=============================================================================== - # Vagrant files will be placed in C:\tmp # Check if minion keys have been uploaded, copy to correct location if (Test-Path C:\tmp\minion.pem) { @@ -413,146 +400,83 @@ if ([IntPtr]::Size -eq 4) { } #=============================================================================== -# Get file name to download +# Getting version information from the repo #=============================================================================== -$saltFileName = "" -$saltVersion = "" -$saltSha512= "" -$saltFileUrl = "" -# Look for a repo.json file -try { - Write-Verbose "Looking for $RepoUrl/repo.json" - $response = Invoke-WebRequest "$RepoUrl/repo.json" ` - -DisableKeepAlive ` - -UseBasicParsing ` - -Method Head - if ( $response.StatusCode -eq "200" ) { - Write-Verbose "Found $RepoUrl/repo.json" - # This URL contains a repo.json file, let's use it - $use_repo_json = $true - } else { - Write-Verbose "Did not find $RepoUrl/repo.json" - # No repo.json file found at the default location - $use_repo_json = $false +if ( $RepoUrl -eq $DfltUrl ) { + Write-Verbose "Getting version information from Artifactory" + $response = Invoke-WebRequest $ApiUrl -UseBasicParsing + # Convert the output to a powershell object + $psobj = $response.ToString() | ConvertFrom-Json + + # Filter the object for folders + $filtered = $psobj.children | Where-Object -Property folder -EQ $true + + # Get each uri and add it to the list of versions + $available_versions = [System.Collections.ArrayList]@() + $filtered | Select-Object -Property uri | ForEach-Object { + $available_versions.Add($_.uri.Trim("/")) | Out-Null } -} catch { - Write-Verbose "There was an error looking up $RepoUrl/repo.json" - Write-Verbose "ERROR: $_" - $use_repo_json = $false -} -if ( $use_repo_json ) { - # We will use the json file to get the name of the installer - $enc = [System.Text.Encoding]::UTF8 - try { - Write-Verbose "Downloading $RepoUrl/repo.json" - $response = Invoke-WebRequest -Uri "$RepoUrl/repo.json" -UseBasicParsing - if ($response.Content.GetType().Name -eq "Byte[]") { - $psobj = $enc.GetString($response.Content) | ConvertFrom-Json - } else { - $psobj = $response.Content | ConvertFrom-Json - } - $hash = Convert-PSObjectToHashtable $psobj - } catch { - Write-Verbose "repo.json not found at: $RepoUrl" - Write-Host "ERROR: $_" - $hash = @{} + + # Create a versions table, similar to repo.json + # This will have the latest version available, the latest version available for + # each major version, and every version available. This makes the version + # lookup logic easier. You can view the contents of the versions table by + # passing the -Verbose command + $latest = $available_versions | Select-Object -Last 1 + $versions_table = [ordered]@{"latest"=$latest} + + $available_versions | ForEach-Object { + $versions_table[$(Get-MajorVersion $_)] = $_ + $versions_table[$_.ToLower()] = $_.ToLower() } - $searchVersion = $Version.ToLower() - if ( $hash.Contains($searchVersion)) { - Write-Verbose "Found $searchVersion in $RepoUrl/repo.json" - foreach ($item in $hash.($searchVersion).Keys) { - if ( $item.ToLower().EndsWith(".exe") ) { - if ( $item.ToLower().Contains($arch.ToLower()) ) { - $saltFileName = $hash.($searchVersion).($item).name - $saltVersion = $hash.($searchVersion).($item).version - $saltSha512 = $hash.($searchVersion).($item).SHA512 - } - } - } + Write-Verbose "Available versions:" + $available_versions | ForEach-Object { + Write-Verbose "- $_" + } + Write-Verbose "Versions Table:" + $versions_table | Sort-Object Name | Out-String | Write-Verbose + + #=============================================================================== + # Validate passed version + #=============================================================================== + if ( $versions_table.Contains($Version.ToLower()) ) { + $Version = $versions_table[$Version.ToLower()] } else { - try { - Write-Verbose "Searching for $searchVersion in $RepoUrl/minor/repo.json" - $response = Invoke-WebRequest -Uri "$RepoUrl/minor/repo.json" -UseBasicParsing - if ($response.Content.GetType().Name -eq "Byte[]") { - $psobj = $enc.GetString($response.Content) | ConvertFrom-Json - } else { - $psobj = $response.Content | ConvertFrom-Json - } - $hash = Convert-PSObjectToHashtable $psobj - } catch { - Write-Verbose "repo.json not found at: $RepoUrl/minor/repo.json" - Write-Verbose "ERROR: $_" - $hash = @{} - } - if ( $hash.Contains($searchVersion)) { - Write-Verbose "Found $searchVersion in $RepoUrl/minor/repo.json" - foreach ($item in $hash.($searchVersion).Keys) { - if ( $item.ToLower().EndsWith(".exe") ) { - if ( $item.ToLower().Contains($arch.ToLower()) ) { - $saltFileName = $hash.($searchVersion).($item).name - $saltVersion = $hash.($searchVersion).($item).version - $saltSha512 = $hash.($searchVersion).($item).SHA512 - } - } - } - } else { - Write-Verbose "Version not found in $RepoUrl/minor/repo.json" - } + Write-Host "Version $Version is not available" -ForegroundColor Red + Write-Host "Available versions are:" -ForegroundColor Yellow + $available_versions | ForEach-Object { Write-Host "- $_" -ForegroundColor Yellow } + exit 1 } -} -if ( $saltFileName -and $saltVersion -and $saltSha512 ) { - Write-Verbose "Found Name, Version, and Sha" -} else { - # We will guess the name of the installer - Write-Verbose "Failed to get Name, Version, and Sha from repo.json" - Write-Verbose "We'll try to find the file in standard paths" + #=============================================================================== + # Get file url and sha256 + #=============================================================================== $saltFileName = "Salt-Minion-$Version-Py3-$arch-Setup.exe" - $saltVersion = $Version -} - -Write-Verbose "Creating list of urls using the following:" -Write-Verbose "RepoUrl: $RepoUrl" -Write-Verbose "Version: $saltVersion" -Write-Verbose "File Name: $saltFileName" -$urls = $(@($RepoUrl, $saltVersion, $saltFileName) -join "/"), - $(@($RepoUrl, "minor", $saltVersion, $saltFileName) -join "/"), - $(@($RepoUrl, $saltFileName) -join "/"), - $(@($oldRepoUrl, $saltFileName) -join "/") + $response = Invoke-WebRequest "$ApiUrl/$Version/$saltFileName" -UseBasicParsing + $psobj = $response.ToString() | ConvertFrom-Json + $saltFileUrl = $psobj.downloadUri + $saltSha256 = $psobj.checksums.sha256 -$saltFileUrl = $null - -foreach ($url in $urls) { - try { - Write-Verbose "Looking for installer at: $url" - $response = Invoke-WebRequest "$url" ` - -DisableKeepAlive ` - -UseBasicParsing ` - -Method Head - if ( $response.StatusCode -eq "200" ) { - Write-Verbose "Found installer" - # This URL contains a repo.json file, let's use it - $saltFileUrl = $url - break - } else { - Write-Verbose "Installer not found: $url" - } - } catch { - Write-Verbose "ERROR: $url" - } -} - -if ( !$saltFileUrl ) { - Write-Host "Could not find an installer:" - Write-Verbose "Here are the urls searched:" - foreach ($url in $urls) { - Write-Verbose $url + if ( $saltFileName -and $saltVersion -and $saltSha256) { + Write-Verbose "Found Name, Version, and Sha" + } else { + # We will guess the name of the installer + Write-Verbose "Failed to get Name, Version, and Sha from Artifactory API" + Write-Verbose "We'll try to find the file in standard paths" + $saltFileName = "Salt-Minion-$Version-Py3-$arch-Setup.exe" + $saltVersion = $Version } - exit 1 +} else { + # If we're using a custom RepoUrl, we're going to assum that the binary is + # in the reoot of the RepoUrl/Version. We will not check the sha on custom + # repos + $saltFileName = "Salt-Minion-$Version-Py3-$arch-Setup.exe" + $saltFileUrl = "$RepoUrl/$Version/$saltFileName" + $saltVersion = $Version + $saltSha256 = "" } - #=============================================================================== # Download minion setup file #=============================================================================== @@ -561,6 +485,7 @@ Write-Host " Bootstrapping Salt Minion" -ForegroundColor Green Write-Host " - version: $Version" Write-Host " - file name: $saltFileName" Write-Host " - file url: $saltFileUrl" +Write-Host " - file hash: $saltSha256" Write-Host " - master: $Master" Write-Host " - minion id: $Minion" Write-Host " - start service: $RunService" @@ -573,22 +498,23 @@ Write-Verbose "" Write-Verbose "Salt File URL: $saltFileUrl" Write-Verbose "Local File: $localFile" -$webclient = New-Object System.Net.WebClient -$webclient.DownloadFile($saltFileUrl, $localFile) +if ( Test-Path -Path $localFile ) {Remove-Item -Path $localFile -Force} +Invoke-WebRequest -Uri $saltFileUrl -OutFile $localFile if ( Test-Path -Path $localFile ) { Write-Host "Success" -ForegroundColor Green } else { Write-Host "Failed" -ForegroundColor Red + exit 1 } -if ( $saltSha512 ) { - $localSha512 = (Get-FileHash -Path $localFile -Algorithm SHA512).Hash +if ( $saltSha256 ) { + $localSha256 = (Get-FileHash -Path $localFile -Algorithm SHA256).Hash Write-Host "Comparing Hash: " -NoNewline Write-Verbose "" - Write-Verbose "Local Hash: $localSha512" - Write-Verbose "Remote Hash: $saltSha512" - if ( $localSha512 -eq $saltSha512 ) { + Write-Verbose "Local Hash: $localSha256" + Write-Verbose "Remote Hash: $saltSha256" + if ( $localSha256 -eq $saltSha256 ) { Write-Host "Success" -ForegroundColor Green } else { Write-Host "Failed" -ForegroundColor Red @@ -626,7 +552,7 @@ $process | Wait-Process -Timeout 300 -ErrorAction SilentlyContinue $process.Refresh() if ( !$process.HasExited ) { - Write-Host "Timedout" -ForegroundColor Yellow + Write-Host "Installer Timeout" -ForegroundColor Yellow Write-Host "Killing hung installer: " -NoNewline $process | Stop-Process $process.Refresh() @@ -636,8 +562,6 @@ if ( !$process.HasExited ) { Write-Host "Failed" -ForegroundColor Red exit 1 } - - Write-Host "Checking installed service: " -NoNewline } # Wait for salt-minion service to be registered to verify successful @@ -658,7 +582,7 @@ while ( ! $service ) { # probably went wrong and user intervention is required - report # failure. Write-Host "Failed" -ForegroundColor Red - Write-Host "Timed out waiting for the salt-minion service to be installed" + Write-Host "Timeout waiting for the salt-minion service to be installed" exit 1 } } @@ -676,27 +600,31 @@ if( $RunService ) { # We'll try for 2 minutes, sometimes the minion takes that long to start as # it compiles python code for the first time $max_tries = 60 - while ( $service.Status -ne "Running" ) { - if ( $service.Status -eq "Stopped" ) { - Start-Service -Name "salt-minion" -ErrorAction SilentlyContinue - } - Start-Sleep -Seconds 2 - Write-Verbose "Checking the service status" - $service.Refresh() - if ( $service.Status -eq "Running" ) { - Write-Host "Success" -ForegroundColor Green - } else { - if ( $tries -le $max_tries ) { - $tries += 1 + if ( $service.Status -ne "Running" ) { + while ( $service.Status -ne "Running" ) { + if ( $service.Status -eq "Stopped" ) { + Start-Service -Name "salt-minion" -ErrorAction SilentlyContinue + } + Start-Sleep -Seconds 2 + Write-Verbose "Checking the service status" + $service.Refresh() + if ( $service.Status -eq "Running" ) { + Write-Host "Success" -ForegroundColor Green } else { - # If the salt-minion service is still not running, something - # probably went wrong and user intervention is required - report - # failure. - Write-Host "Failed" -ForegroundColor Red - Write-Host "Timed out waiting for the salt-minion service to start" - exit 1 + if ( $tries -le $max_tries ) { + $tries += 1 + } else { + # If the salt-minion service is still not running, something + # probably went wrong and user intervention is required - report + # failure. + Write-Host "Failed" -ForegroundColor Red + Write-Host "Timed out waiting for the salt-minion service to start" + exit 1 + } } } + } else { + Write-Host "Success" -ForegroundColor Green } } else { # Set the service to manual start diff --git a/bootstrap-salt.sh b/bootstrap-salt.sh index 17d82f6c0..e6b25f2d3 100755 --- a/bootstrap-salt.sh +++ b/bootstrap-salt.sh @@ -26,7 +26,7 @@ #====================================================================================================================== set -o nounset # Treat unset variables as an error -__ScriptVersion="2024.09.24" +__ScriptVersion="2024.11.07" __ScriptName="bootstrap-salt.sh" __ScriptFullName="$0" @@ -124,6 +124,28 @@ __check_command_exists() { command -v "$1" > /dev/null 2>&1 } +#--- FUNCTION ------------------------------------------------------------------------------------------------------- +# NAME: __check_services_systemd_functional +# DESCRIPTION: Set _SYSTEMD_FUNCTIONAL = BS_TRUE or BS_FALSE case where systemd is functional (for example: container may not have systemd) +#---------------------------------------------------------------------------------------------------------------------- +__check_services_systemd_functional() { + + # check if systemd is functional, having systemctl present is insufficient + + if [ "$_SYSTEMD_FUNCTIONAL" -eq $BS_FALSE ]; then + # already determined systemd is not functional, default is 1 + return + fi + + if __check_command_exists systemctl; then + # shellcheck disable=SC2034 + _SYSTEMD_HELP="$(systemctl --help)" + else + _SYSTEMD_FUNCTIONAL=$BS_FALSE + echoerror "systemctl: command not found, assume systemd not implemented, _SYSTEMD_FUNCTIONAL $_SYSTEMD_FUNCTIONAL" + fi +} # ---------- end of function __check_services_systemd_functional ---------- + #--- FUNCTION ------------------------------------------------------------------------------------------------------- # NAME: __check_pip_allowed # DESCRIPTION: Simple function to let the users know that -P needs to be used. @@ -267,9 +289,7 @@ _CUSTOM_REPO_URL="null" _CUSTOM_MASTER_CONFIG="null" _CUSTOM_MINION_CONFIG="null" _QUIET_GIT_INSTALLATION=$BS_FALSE -_REPO_URL="repo.saltproject.io" -_ONEDIR_DIR="salt" -_ONEDIR_NIGHTLY_DIR="salt-dev/${_ONEDIR_DIR}" +_REPO_URL="packages.broadcom.com/artifactory" _PY_EXE="python3" _MINIMUM_PIP_VERSION="9.0.1" _MINIMUM_SETUPTOOLS_VERSION="65.6.3" @@ -278,6 +298,7 @@ _PIP_INSTALL_ARGS="--prefix=/usr" _PIP_DOWNLOAD_ARGS="" _QUICK_START="$BS_FALSE" _AUTO_ACCEPT_MINION_KEYS="$BS_FALSE" +_SYSTEMD_FUNCTIONAL=$BS_TRUE # Defaults for install arguments ITYPE="stable" @@ -296,9 +317,9 @@ __usage() { - stable Install latest stable release. This is the default install type - stable [branch] Install latest version on a branch. Only supported - for packages available at repo.saltproject.io + for packages available at packages.broadcom.com - stable [version] Install a specific version. Only supported for - packages available at repo.saltproject.io + packages available at packages.broadcom.com To pin a 3xxx minor version, specify it as 3xxx.0 - testing RHEL-family specific: configure EPEL testing repo - git Install from the head of the master branch @@ -306,11 +327,11 @@ __usage() { commit) - onedir Install latest onedir release. - onedir [version] Install a specific version. Only supported for - onedir packages available at repo.saltproject.io + onedir packages available at packages.broadcom.com - onedir_rc Install latest onedir RC release. - onedir_rc [version] Install a specific version. Only supported for - onedir RC packages available at repo.saltproject.io + onedir RC packages available at packages.broadcom.com Examples: - ${__ScriptName} @@ -393,8 +414,8 @@ __usage() { And automatically accept the minion key. -R Specify a custom repository URL. Assumes the custom repository URL points to a repository that mirrors Salt packages located at - repo.saltproject.io. The option passed with -R replaces the - "repo.saltproject.io". If -R is passed, -r is also set. Currently only + packages.broadcom.com. The option passed with -R replaces the + "packages.broadcom.com". If -R is passed, -r is also set. Currently only works on CentOS/RHEL and Debian based distributions and macOS. -s Sleep time used when waiting for daemons to start, restart and when checking for the services running. Default: ${__DEFAULT_SLEEP} @@ -580,6 +601,15 @@ echoinfo "Running version: ${__ScriptVersion}" echoinfo "Executed by: ${CALLER}" echoinfo "Command line: '${__ScriptFullName} ${__ScriptArgs}'" +# Defaults +STABLE_REV="latest" +ONEDIR_REV="latest" +_ONEDIR_REV="latest" +YUM_REPO_FILE="/etc/yum.repos.d/salt.repo" + +# check if systemd is functional +__check_services_systemd_functional + # Define installation type if [ "$#" -gt 0 ];then __check_unparsed_options "$*" @@ -608,22 +638,25 @@ if [ "$ITYPE" = "git" ]; then # If doing stable install, check if version specified elif [ "$ITYPE" = "stable" ]; then if [ "$#" -eq 0 ];then + STABLE_REV="latest" ONEDIR_REV="latest" _ONEDIR_REV="latest" ITYPE="onedir" else - if [ "$(echo "$1" | grep -E '^(nightly|latest|3006|3007)$')" != "" ]; then + if [ "$(echo "$1" | grep -E '^(latest|3006|3007)$')" != "" ]; then + STABLE_REV="$1" ONEDIR_REV="$1" _ONEDIR_REV="$1" ITYPE="onedir" shift elif [ "$(echo "$1" | grep -E '^([3-9][0-5]{2}[5-9](\.[0-9]*)?)')" != "" ]; then - ONEDIR_REV="minor/$1" + STABLE_REV="$1" + ONEDIR_REV="$1" _ONEDIR_REV="$1" ITYPE="onedir" shift else - echo "Unknown stable version: $1 (valid: 3006, 3007, latest)" + echo "Unknown stable version: $1 (valid: 3006, 3007, latest), versions older than 3006 are not available" exit 1 fi fi @@ -631,47 +664,54 @@ elif [ "$ITYPE" = "stable" ]; then elif [ "$ITYPE" = "onedir" ]; then if [ "$#" -eq 0 ];then ONEDIR_REV="latest" + STABLE_REV="latest" else - if [ "$(echo "$1" | grep -E '^(nightly|latest|3006|3007)$')" != "" ]; then + if [ "$(echo "$1" | grep -E '^(latest|3006|3007)$')" != "" ]; then ONEDIR_REV="$1" + STABLE_REV="$1" shift elif [ "$(echo "$1" | grep -E '^([3-9][0-9]{3}(\.[0-9]*)?)')" != "" ]; then - ONEDIR_REV="minor/$1" + ONEDIR_REV="$1" + STABLE_REV="$1" shift else - echo "Unknown onedir version: $1 (valid: 3006, 3007, latest, nightly.)" + echo "Unknown onedir version: $1 (valid: 3006, 3007, latest), versions older than 3006 are not available" exit 1 fi fi elif [ "$ITYPE" = "onedir_rc" ]; then - # Change the _ONEDIR_DIR to be the location for the RC packages - _ONEDIR_DIR="salt_rc/salt" - - # Change ITYPE to onedir so we use the regular onedir functions - ITYPE="onedir" - - if [ "$#" -eq 0 ];then - ONEDIR_REV="latest" - else - if [ "$(echo "$1" | grep -E '^(latest)$')" != "" ]; then - ONEDIR_REV="$1" - shift - elif [ "$(echo "$1" | grep -E '^([3-9][0-9]{3}?rc[0-9]-[0-9]$)')" != "" ]; then - # Handle the 3xxx.0 version as 3xxx archive (pin to minor) and strip the fake ".0" suffix - #ONEDIR_REV=$(echo "$1" | sed -E 's/^([3-9][0-9]{3})\.0$/\1/') - ONEDIR_REV="minor/$1" - shift - elif [ "$(echo "$1" | grep -E '^([3-9][0-9]{3}\.[0-9]?rc[0-9]$)')" != "" ]; then - # Handle the 3xxx.0 version as 3xxx archive (pin to minor) and strip the fake ".0" suffix - #ONEDIR_REV=$(echo "$1" | sed -E 's/^([3-9][0-9]{3})\.0$/\1/') - ONEDIR_REV="minor/$1" - shift - else - echo "Unknown onedir_rc version: $1 (valid: 3006-8, 3007-1, latest)" - exit 1 - fi - fi + echoerror "RC Releases are not supported at this time" + +## # Change the _ONEDIR_DIR to be the location for the RC packages +## _ONEDIR_DIR="salt_rc/salt" +## +## # Change ITYPE to onedir so we use the regular onedir functions +## ITYPE="onedir" +## +## if [ "$#" -eq 0 ];then +## ONEDIR_REV="latest" +## else +## if [ "$(echo "$1" | grep -E '^(latest)$')" != "" ]; then +## ONEDIR_REV="$1" +## shift +## elif [ "$(echo "$1" | grep -E '^([3-9][0-9]{3}?rc[0-9]-[0-9]$)')" != "" ]; then +## # Handle the 3xxx.0 version as 3xxx archive (pin to minor) and strip the fake ".0" suffix +## #ONEDIR_REV=$(echo "$1" | sed -E 's/^([3-9][0-9]{3})\.0$/\1/') +## ## ONEDIR_REV="minor/$1" don't have minor directory anymore +## ONEDIR_REV="$1" +## shift +## elif [ "$(echo "$1" | grep -E '^([3-9][0-9]{3}\.[0-9]?rc[0-9]$)')" != "" ]; then +## # Handle the 3xxx.0 version as 3xxx archive (pin to minor) and strip the fake ".0" suffix +## #ONEDIR_REV=$(echo "$1" | sed -E 's/^([3-9][0-9]{3})\.0$/\1/') +## ## ONEDIR_REV="minor/$1" don't have minor directory anymore +## ONEDIR_REV="$1" +## shift +## else +## echo "Unknown onedir_rc version: $1 (valid: 3006-8, 3007-1, latest)" +## exit 1 +## fi +## fi fi # Doing a quick start, so install master @@ -759,7 +799,6 @@ fi PY_PKG_VER=3 _PY_PKG_VER="python3" _PY_MAJOR_VERSION="3" -__PY_VERSION_REPO="py3" # Check if we're installing via a different Python executable and set major version variables if [ -n "$_PY_EXE" ]; then @@ -810,7 +849,7 @@ if [ "$ITYPE" != "git" ]; then fi fi -# Set the _REPO_URL value based on if -R was passed or not. Defaults to repo.saltproject.io. +# Set the _REPO_URL value based on if -R was passed or not. Defaults to packages.broadcom.com if [ "$_CUSTOM_REPO_URL" != "null" ]; then _REPO_URL="$_CUSTOM_REPO_URL" @@ -895,6 +934,7 @@ __fetch_url() { # DESCRIPTION: Retrieves a URL, verifies its content and writes it to standard output #---------------------------------------------------------------------------------------------------------------------- __fetch_verify() { + fetch_verify_url="$1" fetch_verify_sum="$2" fetch_verify_size="$3" @@ -916,6 +956,7 @@ __fetch_verify() { # DESCRIPTION: Checks if a URL exists #---------------------------------------------------------------------------------------------------------------------- __check_url_exists() { + _URL="$1" if curl --output /dev/null --silent --fail "${_URL}"; then return 0 @@ -1339,8 +1380,6 @@ __check_dpkg_architecture() { return 1 fi - __REPO_ARCH="$DPKG_ARCHITECTURE" - __REPO_ARCH_DEB='deb [signed-by=/usr/share/keyrings/salt-archive-keyring.gpg]' __return_code=0 case $DPKG_ARCHITECTURE in @@ -1355,8 +1394,6 @@ __check_dpkg_architecture() { "arm64") # Saltstack official repository has full arm64 support since 3006 error_msg="" - __REPO_ARCH="arm64" - __REPO_ARCH_DEB="deb [signed-by=/usr/share/keyrings/salt-archive-keyring.gpg arch=$__REPO_ARCH]" ;; "armhf") error_msg="$_REPO_URL doesn't have packages for your system architecture: $DPKG_ARCHITECTURE." @@ -1924,6 +1961,7 @@ __wait_for_apt(){ # PARAMETERS: packages #---------------------------------------------------------------------------------------------------------------------- __apt_get_install_noinput() { + __wait_for_apt apt-get install -y -o DPkg::Options::=--force-confold "${@}"; return $? } # ---------- end of function __apt_get_install_noinput ---------- @@ -1933,6 +1971,7 @@ __apt_get_install_noinput() { # DESCRIPTION: (DRY) apt-get upgrade with noinput options #---------------------------------------------------------------------------------------------------------------------- __apt_get_upgrade_noinput() { + __wait_for_apt apt-get upgrade -y -o DPkg::Options::=--force-confold; return $? } # ---------- end of function __apt_get_upgrade_noinput ---------- @@ -1964,12 +2003,13 @@ __temp_gpg_pub() { #---------------------------------------------------------------------------------------------------------------------- __apt_key_fetch() { + url=$1 tempfile="$(__temp_gpg_pub)" - __fetch_url "$tempfile" "$url" || return 1 - cp -f "$tempfile" /usr/share/keyrings/salt-archive-keyring.gpg && chmod 644 /usr/share/keyrings/salt-archive-keyring.gpg || return 1 + mkdir -p /etc/apt/keyrings + cp -f "$tempfile" /etc/apt/keyrings/salt-archive-keyring.pgp && chmod 644 /etc/apt/keyrings/salt-archive-keyring.pgp || return 1 rm -f "$tempfile" return 0 @@ -1982,6 +2022,7 @@ __apt_key_fetch() { # PARAMETERS: url #---------------------------------------------------------------------------------------------------------------------- __rpm_import_gpg() { + url=$1 tempfile="$(__temp_gpg_pub)" @@ -2005,6 +2046,7 @@ __rpm_import_gpg() { # DESCRIPTION: (DRY) yum install with noinput options #---------------------------------------------------------------------------------------------------------------------- __yum_install_noinput() { + if [ "$DISTRO_NAME_L" = "oracle_linux" ]; then # We need to install one package at a time because --enablerepo=X disables ALL OTHER REPOS!!!! for package in "${@}"; do @@ -2020,6 +2062,7 @@ __yum_install_noinput() { # DESCRIPTION: (DRY) dnf install with noinput options #---------------------------------------------------------------------------------------------------------------------- __dnf_install_noinput() { + dnf -y install "${@}" || return $? } # ---------- end of function __dnf_install_noinput ---------- @@ -2028,6 +2071,7 @@ __dnf_install_noinput() { # DESCRIPTION: (DRY) tdnf install with noinput options #---------------------------------------------------------------------------------------------------------------------- __tdnf_install_noinput() { + tdnf -y install "${@}" || return $? } # ---------- end of function __tdnf_install_noinput ---------- @@ -2037,6 +2081,7 @@ __tdnf_install_noinput() { # specific revision. #---------------------------------------------------------------------------------------------------------------------- __git_clone_and_checkout() { + echodebug "Installed git version: $(git --version | awk '{ print $3 }')" # Turn off SSL verification if -I flag was set for insecure downloads if [ "$_INSECURE_DL" -eq $BS_TRUE ]; then @@ -2375,6 +2420,7 @@ __overwriteconfig() { # PARAMETERS: servicename #---------------------------------------------------------------------------------------------------------------------- __check_services_systemd() { + if [ $# -eq 0 ]; then echoerror "You need to pass a service name to check!" exit 1 @@ -2382,6 +2428,21 @@ __check_services_systemd() { echoerror "You need to pass a service name to check as the single argument to the function" fi + # check if systemd is functional, having systemctl present is insufficient + + if [ "$_SYSTEMD_FUNCTIONAL" -eq $BS_FALSE ]; then + # already determined systemd is not functional, default is 1 + return 1 + fi + + _SYSTEMD_ACTIVE=$(/bin/systemctl daemon-reload 2>&1 | grep 'System has not been booted with systemd') + echodebug "__check_services_systemd _SYSTEMD_ACTIVE result ,$_SYSTEMD_ACTIVE," + if [ "$_SYSTEMD_ACTIVE" != "" ]; then + _SYSTEMD_FUNCTIONAL=$BS_FALSE + echodebug "systemd is not functional, despite systemctl being present, setting _SYSTEMD_FUNCTIONAL false, $_SYSTEMD_FUNCTIONAL" + return 1 + fi + servicename=$1 echodebug "Checking if service ${servicename} is enabled" @@ -2401,6 +2462,7 @@ __check_services_systemd() { # PARAMETERS: servicename #---------------------------------------------------------------------------------------------------------------------- __check_services_upstart() { + if [ $# -eq 0 ]; then echoerror "You need to pass a service name to check!" exit 1 @@ -2428,6 +2490,7 @@ __check_services_upstart() { # PARAMETERS: servicename #---------------------------------------------------------------------------------------------------------------------- __check_services_sysvinit() { + if [ $# -eq 0 ]; then echoerror "You need to pass a service name to check!" exit 1 @@ -2454,6 +2517,7 @@ __check_services_sysvinit() { # PARAMETERS: servicename #---------------------------------------------------------------------------------------------------------------------- __check_services_debian() { + if [ $# -eq 0 ]; then echoerror "You need to pass a service name to check!" exit 1 @@ -2481,6 +2545,7 @@ __check_services_debian() { # PARAMETERS: servicename #---------------------------------------------------------------------------------------------------------------------- __check_services_openrc() { + if [ $# -eq 0 ]; then echoerror "You need to pass a service name to check!" exit 1 @@ -2507,6 +2572,7 @@ __check_services_openrc() { # DESCRIPTION: Return 0 or 1 depending on successful creation of virtualenv #---------------------------------------------------------------------------------------------------------------------- __create_virtualenv() { + if [ ! -d "$_VIRTUALENV_DIR" ]; then echoinfo "Creating virtualenv ${_VIRTUALENV_DIR}" if [ "$_PIP_ALL" -eq $BS_TRUE ]; then @@ -2524,6 +2590,7 @@ __create_virtualenv() { # DESCRIPTION: Return 0 or 1 depending on successful activation of virtualenv #---------------------------------------------------------------------------------------------------------------------- __activate_virtualenv() { + set +o nounset # Is virtualenv empty if [ -z "$_VIRTUALENV_DIR" ]; then @@ -2621,6 +2688,7 @@ __install_pip_deps() { # PARAMETERS: py_exe #---------------------------------------------------------------------------------------------------------------------- __install_salt_from_repo() { + _py_exe="$1" if [ "${_py_exe}" = "" ]; then @@ -2784,6 +2852,7 @@ if [ "x${_PY_MAJOR_VERSION}" = "x" ]; then _PY_MAJOR_VERSION=3 fi + ####################################################################################################################### # # Distribution install functions @@ -2867,6 +2936,7 @@ fi # Ubuntu Install Functions # __enable_universe_repository() { + if [ "$(grep -R universe /etc/apt/sources.list /etc/apt/sources.list.d/ | grep -v '#')" != "" ]; then # The universe repository is already enabled return 0 @@ -2885,13 +2955,9 @@ __install_saltstack_ubuntu_repository() { if { [ "$DISTRO_MAJOR_VERSION" -eq 20 ] && [ "$DISTRO_MINOR_VERSION" -eq 10 ]; } || \ { [ "$DISTRO_MAJOR_VERSION" -eq 22 ] && [ "$DISTRO_MINOR_VERSION" -eq 10 ]; } || \ - [ "$DISTRO_MAJOR_VERSION" -eq 21 ] || [ "$DISTRO_MAJOR_VERSION" -eq 23 ]; then + { [ "$DISTRO_MAJOR_VERSION" -eq 24 ] && [ "$DISTRO_MINOR_VERSION" -eq 10 ]; } || \ + [ "$DISTRO_MAJOR_VERSION" -eq 21 ] || [ "$DISTRO_MAJOR_VERSION" -eq 23 ] || [ "$DISTRO_MAJOR_VERSION" -eq 25 ]; then echowarn "Non-LTS Ubuntu detected, but stable packages requested. Trying packages for previous LTS release. You may experience problems." - UBUNTU_VERSION=24.04 - UBUNTU_CODENAME="noble" - else - UBUNTU_VERSION=${DISTRO_VERSION} - UBUNTU_CODENAME=${DISTRO_CODENAME} fi # Install downloader backend for GPG keys fetching @@ -2921,24 +2987,34 @@ __install_saltstack_ubuntu_repository() { fi # SaltStack's stable Ubuntu repository: - SALTSTACK_UBUNTU_URL="${HTTP_VAL}://${_REPO_URL}/${_ONEDIR_DIR}/${__PY_VERSION_REPO}/ubuntu/${UBUNTU_VERSION}/${__REPO_ARCH}/${STABLE_REV}" - echo "$__REPO_ARCH_DEB $SALTSTACK_UBUNTU_URL $UBUNTU_CODENAME main" > /etc/apt/sources.list.d/salt.list - __apt_key_fetch "$SALTSTACK_UBUNTU_URL/SALT-PROJECT-GPG-PUBKEY-2023.gpg" || return 1 - + __fetch_url "/etc/apt/sources.list.d/salt.sources" "https://github.com/saltstack/salt-install-guide/releases/latest/download/salt.sources" + __apt_key_fetch "${HTTP_VAL}://${_REPO_URL}/api/security/keypair/SaltProjectKey/public" || return 1 __wait_for_apt apt-get update || return 1 + + if [ "$STABLE_REV" != "latest" ]; then + # latest is default + STABLE_REV_MAJOR=$(echo "$STABLE_REV" | cut -d '.' -f 1) + if [ "$STABLE_REV_MAJOR" -eq "3006" ]; then + echo "Package: salt-*" > /etc/apt/preferences.d/salt-pin-1001 + echo "Pin: version 3006.*" >> /etc/apt/preferences.d/salt-pin-1001 + echo "Pin-Priority: 1001" >> /etc/apt/preferences.d/salt-pin-1001 + elif [ "$STABLE_REV_MAJOR" -eq "3007" ]; then + echo "Package: salt-*" > /etc/apt/preferences.d/salt-pin-1001 + echo "Pin: version 3007.*" >> /etc/apt/preferences.d/salt-pin-1001 + echo "Pin-Priority: 1001" >> /etc/apt/preferences.d/salt-pin-1001 + fi + fi + } __install_saltstack_ubuntu_onedir_repository() { + + echodebug "__install_saltstack_ubuntu_onedir_repository() entry" # Workaround for latest non-LTS Ubuntu if { [ "$DISTRO_MAJOR_VERSION" -eq 20 ] && [ "$DISTRO_MINOR_VERSION" -eq 10 ]; } || \ { [ "$DISTRO_MAJOR_VERSION" -eq 22 ] && [ "$DISTRO_MINOR_VERSION" -eq 10 ]; } || \ - [ "$DISTRO_MAJOR_VERSION" -eq 21 ] || [ "$DISTRO_MAJOR_VERSION" -eq 23 ]; then + [ "$DISTRO_MAJOR_VERSION" -eq 21 ] || [ "$DISTRO_MAJOR_VERSION" -eq 23 ] || [ "$DISTRO_MAJOR_VERSION" -eq 25 ]; then echowarn "Non-LTS Ubuntu detected, but stable packages requested. Trying packages for previous LTS release. You may experience problems." - UBUNTU_VERSION=24.04 - UBUNTU_CODENAME="noble" - else - UBUNTU_VERSION=${DISTRO_VERSION} - UBUNTU_CODENAME=${DISTRO_CODENAME} fi # Install downloader backend for GPG keys fetching @@ -2963,18 +3039,28 @@ __install_saltstack_ubuntu_onedir_repository() { __apt_get_install_noinput ${__PACKAGES} || return 1 # SaltStack's stable Ubuntu repository: - SALTSTACK_UBUNTU_URL="${HTTP_VAL}://${_REPO_URL}/${_ONEDIR_DIR}/${__PY_VERSION_REPO}/ubuntu/${UBUNTU_VERSION}/${__REPO_ARCH}/${ONEDIR_REV}/" - if [ "${ONEDIR_REV}" = "nightly" ] ; then - SALTSTACK_UBUNTU_URL="${HTTP_VAL}://${_REPO_URL}/${_ONEDIR_NIGHTLY_DIR}/${__PY_VERSION_REPO}/ubuntu/${UBUNTU_VERSION}/${__REPO_ARCH}/" - fi - echo "$__REPO_ARCH_DEB $SALTSTACK_UBUNTU_URL $UBUNTU_CODENAME main" > /etc/apt/sources.list.d/salt.list - - __apt_key_fetch "${SALTSTACK_UBUNTU_URL}SALT-PROJECT-GPG-PUBKEY-2023.gpg" || return 1 - + __fetch_url "/etc/apt/sources.list.d/salt.sources" "https://github.com/saltstack/salt-install-guide/releases/latest/download/salt.sources" + __apt_key_fetch "${HTTP_VAL}://${_REPO_URL}/api/security/keypair/SaltProjectKey/public" || return 1 __wait_for_apt apt-get update || return 1 + + if [ "$ONEDIR_REV" != "latest" ]; then + # latest is default + ONEDIR_REV_MAJOR=$(echo "$ONEDIR_REV" | cut -d '.' -f 1) + if [ "$ONEDIR_REV_MAJOR" -eq "3006" ]; then + echo "Package: salt-*" > /etc/apt/preferences.d/salt-pin-1001 + echo "Pin: version 3006.*" >> /etc/apt/preferences.d/salt-pin-1001 + echo "Pin-Priority: 1001" >> /etc/apt/preferences.d/salt-pin-1001 + elif [ "$ONEDIR_REV_MAJOR" -eq "3007" ]; then + echo "Package: salt-*" > /etc/apt/preferences.d/salt-pin-1001 + echo "Pin: version 3007.*" >> /etc/apt/preferences.d/salt-pin-1001 + echo "Pin-Priority: 1001" >> /etc/apt/preferences.d/salt-pin-1001 + fi + fi } install_ubuntu_deps() { + + echodebug "install_ubuntu_deps() entry" if [ "$_DISABLE_REPOS" -eq $BS_FALSE ]; then # Install add-apt-repository if ! __check_command_exists add-apt-repository; then @@ -3031,6 +3117,7 @@ install_ubuntu_deps() { } install_ubuntu_stable_deps() { + echodebug "install_ubuntu_stable_deps() entry" if [ "$_START_DAEMONS" -eq $BS_FALSE ]; then @@ -3045,7 +3132,7 @@ install_ubuntu_stable_deps() { if [ "${_UPGRADE_SYS}" -eq $BS_TRUE ]; then if [ "${_INSECURE_DL}" -eq $BS_TRUE ]; then ## apt-key is deprecated - if [ "$DISTRO_MAJOR_VERSION" -ge 20 ] || [ "$DISTRO_MAJOR_VERSION" -ge 21 ] || [ "$DISTRO_MAJOR_VERSION" -ge 22 ] || [ "$DISTRO_MAJOR_VERSION" -ge 23 ] || [ "$DISTRO_MAJOR_VERSION" -ge 24 ]; then + if [ "$DISTRO_MAJOR_VERSION" -ge 20 ]; then __apt_get_install_noinput --allow-unauthenticated debian-archive-keyring && apt-get update || return 1 else __apt_get_install_noinput --allow-unauthenticated debian-archive-keyring && @@ -3065,6 +3152,7 @@ install_ubuntu_stable_deps() { } install_ubuntu_git_deps() { + echodebug "install_ubuntu_git_deps() entry" __wait_for_apt apt-get update || return 1 @@ -3107,6 +3195,7 @@ install_ubuntu_git_deps() { } install_ubuntu_onedir_deps() { + if [ "$_START_DAEMONS" -eq $BS_FALSE ]; then echowarn "Not starting daemons on Debian based distributions is not working mostly because starting them is the default behaviour." fi @@ -3119,7 +3208,7 @@ install_ubuntu_onedir_deps() { if [ "${_UPGRADE_SYS}" -eq $BS_TRUE ]; then if [ "${_INSECURE_DL}" -eq $BS_TRUE ]; then ## apt-key is deprecated - if [ "$DISTRO_MAJOR_VERSION" -ge 20 ] || [ "$DISTRO_MAJOR_VERSION" -ge 21 ] || [ "$DISTRO_MAJOR_VERSION" -ge 22 ] || [ "$DISTRO_MAJOR_VERSION" -ge 23 ] || [ "$DISTRO_MAJOR_VERSION" -ge 24 ]; then + if [ "$DISTRO_MAJOR_VERSION" -ge 20 ]; then __apt_get_install_noinput --allow-unauthenticated debian-archive-keyring && apt-get update || return 1 else __apt_get_install_noinput --allow-unauthenticated debian-archive-keyring && @@ -3139,6 +3228,7 @@ install_ubuntu_onedir_deps() { } install_ubuntu_stable() { + __PACKAGES="" if [ "$_INSTALL_CLOUD" -eq $BS_TRUE ];then @@ -3165,6 +3255,7 @@ install_ubuntu_stable() { } install_ubuntu_git() { + # Activate virtualenv before install if [ "${_VIRTUALENV_DIR}" != "null" ]; then __activate_virtualenv || return 1 @@ -3194,6 +3285,7 @@ install_ubuntu_git() { } install_ubuntu_onedir() { + __PACKAGES="" if [ "$_INSTALL_CLOUD" -eq $BS_TRUE ];then @@ -3220,6 +3312,7 @@ install_ubuntu_onedir() { } install_ubuntu_stable_post() { + for fname in api master minion syndic; do # Skip salt-api since the service should be opt-in and not necessarily started on boot [ $fname = "api" ] && continue @@ -3229,7 +3322,8 @@ install_ubuntu_stable_post() { [ $fname = "master" ] && [ "$_INSTALL_MASTER" -eq $BS_FALSE ] && continue [ $fname = "syndic" ] && [ "$_INSTALL_SYNDIC" -eq $BS_FALSE ] && continue - if [ -f /bin/systemctl ]; then + ## if [ -f /bin/systemctl ]; then + if [ "$_SYSTEMD_FUNCTIONAL" -eq $BS_TRUE ]; then # Using systemd /bin/systemctl is-enabled salt-$fname.service > /dev/null 2>&1 || ( /bin/systemctl preset salt-$fname.service > /dev/null 2>&1 && @@ -3246,6 +3340,7 @@ install_ubuntu_stable_post() { } install_ubuntu_git_post() { + for fname in api master minion syndic; do # Skip if not meant to be installed [ $fname = "api" ] && \ @@ -3261,7 +3356,7 @@ install_ubuntu_git_post() { _SERVICE_DIR="${_SALT_GIT_CHECKOUT_DIR}/pkg" fi - if [ -f /bin/systemctl ] && [ "$DISTRO_MAJOR_VERSION" -ge 16 ]; then + if [ "$_SYSTEMD_FUNCTIONAL" -eq $BS_TRUE ] && [ "$DISTRO_MAJOR_VERSION" -ge 16 ]; then __copyfile "${_SERVICE_DIR}/salt-${fname}.service" "/lib/systemd/system/salt-${fname}.service" # Skip salt-api since the service should be opt-in and not necessarily started on boot @@ -3270,21 +3365,6 @@ install_ubuntu_git_post() { systemctl is-enabled salt-$fname.service || (systemctl preset salt-$fname.service && systemctl enable salt-$fname.service) sleep 1 systemctl daemon-reload - elif [ -f /sbin/initctl ]; then - _upstart_conf="/etc/init/salt-$fname.conf" - # We have upstart support - echodebug "There's upstart support" - if [ ! -f $_upstart_conf ]; then - # upstart does not know about our service, let's copy the proper file - echowarn "Upstart does not appear to know about salt-$fname" - echodebug "Copying ${_SERVICE_DIR}/salt-$fname.upstart to $_upstart_conf" - __copyfile "${_SERVICE_DIR}/salt-${fname}.upstart" "$_upstart_conf" - # Set service to know about virtualenv - if [ "${_VIRTUALENV_DIR}" != "null" ]; then - echo "SALT_USE_VIRTUALENV=${_VIRTUALENV_DIR}" > /etc/default/salt-${fname} - fi - /sbin/initctl reload-configuration || return 1 - fi # No upstart support in Ubuntu!? elif [ -f "${_SALT_GIT_CHECKOUT_DIR}/pkg/salt-${fname}.init" ]; then echodebug "There's NO upstart support!?" @@ -3297,7 +3377,7 @@ install_ubuntu_git_post() { update-rc.d salt-$fname defaults else - echoerror "Neither upstart nor init.d was setup for salt-$fname" + echoerror "No init.d was setup for salt-$fname" fi done @@ -3305,13 +3385,12 @@ install_ubuntu_git_post() { } install_ubuntu_restart_daemons() { + [ "$_START_DAEMONS" -eq $BS_FALSE ] && return - # Ensure upstart configs / systemd units are loaded - if [ -f /bin/systemctl ] && [ "$DISTRO_MAJOR_VERSION" -ge 16 ]; then + # Ensure systemd units are loaded + if [ "$_SYSTEMD_FUNCTIONAL" -eq $BS_TRUE ] && [ "$DISTRO_MAJOR_VERSION" -ge 16 ]; then systemctl daemon-reload - elif [ -f /sbin/initctl ]; then - /sbin/initctl reload-configuration fi for fname in api master minion syndic; do @@ -3323,7 +3402,7 @@ install_ubuntu_restart_daemons() { [ $fname = "minion" ] && [ "$_INSTALL_MINION" -eq $BS_FALSE ] && continue [ $fname = "syndic" ] && [ "$_INSTALL_SYNDIC" -eq $BS_FALSE ] && continue - if [ -f /bin/systemctl ] && [ "$DISTRO_MAJOR_VERSION" -ge 16 ]; then + if [ "$_SYSTEMD_FUNCTIONAL" -eq $BS_TRUE ] && [ "$DISTRO_MAJOR_VERSION" -ge 16 ]; then echodebug "There's systemd support while checking salt-$fname" systemctl stop salt-$fname > /dev/null 2>&1 systemctl start salt-$fname.service && continue @@ -3335,18 +3414,6 @@ install_ubuntu_restart_daemons() { fi fi - if [ -f /sbin/initctl ]; then - echodebug "There's upstart support while checking salt-$fname" - - if status salt-$fname 2>/dev/null | grep -q running; then - stop salt-$fname || (echodebug "Failed to stop salt-$fname" && return 1) - fi - - start salt-$fname && continue - # We failed to start the service, let's test the SysV code below - echodebug "Failed to start salt-$fname using Upstart" - fi - if [ ! -f /etc/init.d/salt-$fname ]; then echoerror "No init.d support for salt-$fname was found" return 1 @@ -3360,6 +3427,7 @@ install_ubuntu_restart_daemons() { } install_ubuntu_check_services() { + for fname in api master minion syndic; do # Skip salt-api since the service should be opt-in and not necessarily started on boot [ $fname = "api" ] && continue @@ -3369,7 +3437,7 @@ install_ubuntu_check_services() { [ $fname = "master" ] && [ "$_INSTALL_MASTER" -eq $BS_FALSE ] && continue [ $fname = "syndic" ] && [ "$_INSTALL_SYNDIC" -eq $BS_FALSE ] && continue - if [ -f /bin/systemctl ] && [ "$DISTRO_MAJOR_VERSION" -ge 16 ]; then + if [ "$_SYSTEMD_FUNCTIONAL" -eq $BS_TRUE ] && [ "$DISTRO_MAJOR_VERSION" -ge 16 ]; then __check_services_systemd salt-$fname || return 1 elif [ -f /etc/init.d/salt-$fname ]; then __check_services_debian salt-$fname || return 1 @@ -3388,10 +3456,8 @@ install_ubuntu_check_services() { # Debian Install Functions # __install_saltstack_debian_repository() { - echodebug "__install_saltstack_debian_repository() entry" - DEBIAN_RELEASE="$DISTRO_MAJOR_VERSION" - DEBIAN_CODENAME="$DISTRO_CODENAME" + echodebug "__install_saltstack_debian_repository() entry" if [ -n "$_PY_EXE" ] && [ "$_PY_MAJOR_VERSION" -ne 3 ]; then echoerror "Python version is no longer supported, only Python 3" @@ -3414,19 +3480,33 @@ __install_saltstack_debian_repository() { # shellcheck disable=SC2086,SC2090 __apt_get_install_noinput ${__PACKAGES} || return 1 - SALTSTACK_DEBIAN_URL="${HTTP_VAL}://${_REPO_URL}/${_ONEDIR_DIR}/${__PY_VERSION_REPO}/debian/${DEBIAN_RELEASE}/${__REPO_ARCH}/${STABLE_REV}" - echo "$__REPO_ARCH_DEB $SALTSTACK_DEBIAN_URL $DEBIAN_CODENAME main" > "/etc/apt/sources.list.d/salt.list" - - __apt_key_fetch "$SALTSTACK_DEBIAN_URL/SALT-PROJECT-GPG-PUBKEY-2023.gpg" || return 1 + ## SALTSTACK_DEBIAN_URL="${HTTP_VAL}://${_REPO_URL}/${_ONEDIR_DIR}/${__PY_VERSION_REPO}/debian/${DEBIAN_RELEASE}/${__REPO_ARCH}/${STABLE_REV}" + ## echo "$__REPO_ARCH_DEB $SALTSTACK_DEBIAN_URL $DEBIAN_CODENAME main" > "/etc/apt/sources.list.d/salt.list" + ## __apt_key_fetch "$SALTSTACK_DEBIAN_URL/SALT-PROJECT-GPG-PUBKEY-2023.gpg" || return 1 + ## __wait_for_apt apt-get update || return 1 + __fetch_url "/etc/apt/sources.list.d/salt.sources" "https://github.com/saltstack/salt-install-guide/releases/latest/download/salt.sources" + __apt_key_fetch "${HTTP_VAL}://${_REPO_URL}/api/security/keypair/SaltProjectKey/public" || return 1 __wait_for_apt apt-get update || return 1 + + if [ "$STABLE_REV" != "latest" ]; then + # latest is default + STABLE_REV_MAJOR=$(echo "$STABLE_REV" | cut -d '.' -f 1) + if [ "$STABLE_REV_MAJOR" -eq "3006" ]; then + echo "Package: salt-*" > /etc/apt/preferences.d/salt-pin-1001 + echo "Pin: version 3006.*" >> /etc/apt/preferences.d/salt-pin-1001 + echo "Pin-Priority: 1001" >> /etc/apt/preferences.d/salt-pin-1001 + elif [ "$STABLE_REV_MAJOR" -eq "3007" ]; then + echo "Package: salt-*" > /etc/apt/preferences.d/salt-pin-1001 + echo "Pin: version 3007.*" >> /etc/apt/preferences.d/salt-pin-1001 + echo "Pin-Priority: 1001" >> /etc/apt/preferences.d/salt-pin-1001 + fi + fi } __install_saltstack_debian_onedir_repository() { - echodebug "__install_saltstack_debian_onedir_repository() entry" - DEBIAN_RELEASE="$DISTRO_MAJOR_VERSION" - DEBIAN_CODENAME="$DISTRO_CODENAME" + echodebug "__install_saltstack_debian_onedir_repository() entry" if [ -n "$_PY_EXE" ] && [ "$_PY_MAJOR_VERSION" -ne 3 ]; then echoerror "Python version is no longer supported, only Python 3" @@ -3449,19 +3529,27 @@ __install_saltstack_debian_onedir_repository() { # shellcheck disable=SC2086,SC2090 __apt_get_install_noinput ${__PACKAGES} || return 1 - # amd64 is just a part of repository URI - SALTSTACK_DEBIAN_URL="${HTTP_VAL}://${_REPO_URL}/${_ONEDIR_DIR}/${__PY_VERSION_REPO}/debian/${DEBIAN_RELEASE}/${__REPO_ARCH}/${ONEDIR_REV}" - if [ "${ONEDIR_REV}" = "nightly" ] ; then - SALTSTACK_DEBIAN_URL="${HTTP_VAL}://${_REPO_URL}/${_ONEDIR_NIGHTLY_DIR}/${__PY_VERSION_REPO}/debian/${DEBIAN_RELEASE}/${__REPO_ARCH}" - fi - echo "$__REPO_ARCH_DEB $SALTSTACK_DEBIAN_URL $DEBIAN_CODENAME main" > "/etc/apt/sources.list.d/salt.list" - - __apt_key_fetch "${SALTSTACK_DEBIAN_URL}/SALT-PROJECT-GPG-PUBKEY-2023.gpg" || return 1 - + __fetch_url "/etc/apt/sources.list.d/salt.sources" "https://github.com/saltstack/salt-install-guide/releases/latest/download/salt.sources" + __apt_key_fetch "${HTTP_VAL}://${_REPO_URL}/api/security/keypair/SaltProjectKey/public" || return 1 __wait_for_apt apt-get update || return 1 + + if [ "$ONEDIR_REV" != "latest" ]; then + # latest is default + ONEDIR_REV_MAJOR=$(echo "$ONEDIR_REV" | cut -d '.' -f 1) + if [ "$ONEDIR_REV_MAJOR" -eq "3006" ]; then + echo "Package: salt-*" > /etc/apt/preferences.d/salt-pin-1001 + echo "Pin: version 3006.*" >> /etc/apt/preferences.d/salt-pin-1001 + echo "Pin-Priority: 1001" >> /etc/apt/preferences.d/salt-pin-1001 + elif [ "$ONEDIR_REV_MAJOR" -eq "3007" ]; then + echo "Package: salt-*" > /etc/apt/preferences.d/salt-pin-1001 + echo "Pin: version 3007.*" >> /etc/apt/preferences.d/salt-pin-1001 + echo "Pin-Priority: 1001" >> /etc/apt/preferences.d/salt-pin-1001 + fi + fi } install_debian_onedir_deps() { + echodebug "install_debian_onedir_git_deps() entry" if [ "$_START_DAEMONS" -eq $BS_FALSE ]; then @@ -3516,6 +3604,7 @@ install_debian_onedir_deps() { } install_debian_git_deps() { + echodebug "install_debian_git_deps() entry" __wait_for_apt apt-get update || return 1 @@ -3551,6 +3640,7 @@ install_debian_git_deps() { } install_debian_stable() { + __PACKAGES="" if [ "$_INSTALL_CLOUD" -eq $BS_TRUE ];then @@ -3589,6 +3679,7 @@ install_debian_12_git_deps() { } install_debian_git() { + if [ -n "$_PY_EXE" ]; then _PYEXE=${_PY_EXE} else @@ -3616,16 +3707,19 @@ install_debian_git() { } install_debian_11_git() { + install_debian_git || return 1 return 0 } install_debian_12_git() { + install_debian_git || return 1 return 0 } install_debian_onedir() { + __PACKAGES="" if [ "$_INSTALL_CLOUD" -eq $BS_TRUE ];then @@ -3652,6 +3746,7 @@ install_debian_onedir() { } install_debian_git_post() { + for fname in api master minion syndic; do # Skip if not meant to be installed [ "$fname" = "api" ] && \ @@ -3668,7 +3763,7 @@ install_debian_git_post() { fi # Configure SystemD for Debian 8 "Jessie" and later - if [ -f /bin/systemctl ]; then + if [ "$_SYSTEMD_FUNCTIONAL" -eq $BS_TRUE ]; then if [ ! -f /lib/systemd/system/salt-${fname}.service ] || \ { [ -f /lib/systemd/system/salt-${fname}.service ] && [ $_FORCE_OVERWRITE -eq $BS_TRUE ]; }; then if [ -f "${_SERVICE_DIR}/salt-${fname}.service" ]; then @@ -3691,6 +3786,7 @@ install_debian_git_post() { } install_debian_2021_post() { + # Kali 2021 (debian derivative) disables all network services by default # Using archlinux post function to enable salt systemd services install_arch_linux_post || return 1 @@ -3698,6 +3794,7 @@ install_debian_2021_post() { } install_debian_restart_daemons() { + [ "$_START_DAEMONS" -eq $BS_FALSE ] && return 0 for fname in api master minion syndic; do @@ -3709,7 +3806,7 @@ install_debian_restart_daemons() { [ $fname = "minion" ] && [ "$_INSTALL_MINION" -eq $BS_FALSE ] && continue [ $fname = "syndic" ] && [ "$_INSTALL_SYNDIC" -eq $BS_FALSE ] && continue - if [ -f /bin/systemctl ]; then + if [ "$_SYSTEMD_FUNCTIONAL" -eq $BS_TRUE ]; then # Debian 8 and above uses systemd /bin/systemctl stop salt-$fname > /dev/null 2>&1 /bin/systemctl start salt-$fname.service && continue @@ -3726,6 +3823,7 @@ install_debian_restart_daemons() { } install_debian_check_services() { + for fname in api master minion syndic; do # Skip salt-api since the service should be opt-in and not necessarily started on boot [ $fname = "api" ] && continue @@ -3735,7 +3833,7 @@ install_debian_check_services() { [ $fname = "minion" ] && [ "$_INSTALL_MINION" -eq $BS_FALSE ] && continue [ $fname = "syndic" ] && [ "$_INSTALL_SYNDIC" -eq $BS_FALSE ] && continue - if [ -f /bin/systemctl ]; then + if [ "$_SYSTEMD_FUNCTIONAL" -eq $BS_TRUE ]; then __check_services_systemd salt-$fname || return 1 elif [ -f /etc/init.d/salt-$fname ]; then __check_services_debian salt-$fname || return 1 @@ -3754,43 +3852,40 @@ install_debian_check_services() { # __install_saltstack_fedora_onedir_repository() { - if [ "$ITYPE" = "stable" ]; then - REPO_REV="$ONEDIR_REV" - else - REPO_REV="latest" - fi if [ -n "$_PY_EXE" ] && [ "$_PY_MAJOR_VERSION" -ne 3 ]; then echoerror "Python version is no longer supported, only Python 3" return 1 fi - __PY_VERSION_REPO="py3" - - GPG_KEY="SALT-PROJECT-GPG-PUBKEY-2023.pub" - - REPO_FILE="/etc/yum.repos.d/salt.repo" - - if [ ! -s "$REPO_FILE" ] || [ "$_FORCE_OVERWRITE" -eq $BS_TRUE ]; then - FETCH_URL="${HTTP_VAL}://${_REPO_URL}/${_ONEDIR_DIR}/${__PY_VERSION_REPO}/fedora/${DISTRO_MAJOR_VERSION}/${CPU_ARCH_L}/${ONEDIR_REV}" - if [ "${ONEDIR_REV}" = "nightly" ] ; then - FETCH_URL="${HTTP_VAL}://${_REPO_URL}/${_ONEDIR_NIGHTLY_DIR}/${__PY_VERSION_REPO}/fedora/${DISTRO_MAJOR_VERSION}/${CPU_ARCH_L}/" + if [ ! -s "$YUM_REPO_FILE" ] || [ "$_FORCE_OVERWRITE" -eq $BS_TRUE ]; then + FETCH_URL="https://github.com/saltstack/salt-install-guide/releases/latest/download/salt.repo" + __fetch_url "${YUM_REPO_FILE}" "${FETCH_URL}" + if [ "$ONEDIR_REV" != "latest" ]; then + # 3006.x is default + REPO_REV_MAJOR=$(echo "$ONEDIR_REV" | cut -d '.' -f 1) + if [ "$REPO_REV_MAJOR" -eq "3007" ]; then + # Enable the Salt 3007 STS repo + dnf config-manager --set-disable salt-repo-* + dnf config-manager --set-enabled salt-repo-3007-sts + fi + else + # Enable the Salt LATEST repo + dnf config-manager --set-disable salt-repo-* + dnf config-manager --set-enabled salt-repo-latest fi + dnf clean expire-cache || return 1 - __fetch_url "${REPO_FILE}" "${FETCH_URL}.repo" - - __rpm_import_gpg "${FETCH_URL}/${GPG_KEY}" || return 1 - - yum clean metadata || return 1 - elif [ "$REPO_REV" != "latest" ]; then + elif [ "$ONEDIR_REV" != "latest" ]; then echowarn "salt.repo already exists, ignoring salt version argument." - echowarn "Use -F (forced overwrite) to install $REPO_REV." + echowarn "Use -F (forced overwrite) to install $ONEDIR_REV." fi return 0 } install_fedora_deps() { + if [ "$_UPGRADE_SYS" -eq $BS_TRUE ]; then dnf -y update || return 1 fi @@ -3821,6 +3916,7 @@ install_fedora_deps() { } install_fedora_git_deps() { + if [ -n "$_PY_EXE" ] && [ "$_PY_MAJOR_VERSION" -ne 3 ]; then echoerror "Python version is no longer supported, only Python 3" return 1 @@ -3860,6 +3956,7 @@ install_fedora_git_deps() { } install_fedora_git() { + if [ "${_PY_EXE}" != "" ]; then _PYEXE=${_PY_EXE} echoinfo "Using the following python version: ${_PY_EXE} to install salt" @@ -3874,6 +3971,7 @@ install_fedora_git() { } install_fedora_git_post() { + for fname in api master minion syndic; do # Skip if not meant to be installed [ $fname = "api" ] && \ @@ -3901,10 +3999,12 @@ install_fedora_git_post() { systemctl is-enabled salt-$fname.service || (systemctl preset salt-$fname.service && systemctl enable salt-$fname.service) sleep 1 systemctl daemon-reload + done } install_fedora_restart_daemons() { + [ $_START_DAEMONS -eq $BS_FALSE ] && return for fname in api master minion syndic; do @@ -3927,6 +4027,7 @@ install_fedora_restart_daemons() { } install_fedora_check_services() { + for fname in api master minion syndic; do # Skip salt-api since the service should be opt-in and not necessarily started on boot [ $fname = "api" ] && continue @@ -3943,6 +4044,7 @@ install_fedora_check_services() { } install_fedora_onedir_deps() { + if [ "$_UPGRADE_SYS" -eq $BS_TRUE ]; then yum -y update || return 1 fi @@ -3981,6 +4083,7 @@ install_fedora_onedir_deps() { install_fedora_onedir() { + STABLE_REV=$ONEDIR_REV #install_fedora_stable || return 1 @@ -4010,6 +4113,7 @@ install_fedora_onedir() { } install_fedora_onedir_post() { + STABLE_REV=$ONEDIR_REV for fname in api master minion syndic; do @@ -4039,63 +4143,39 @@ install_fedora_onedir_post() { # CentOS Install Functions # __install_saltstack_rhel_onedir_repository() { - if [ "$ITYPE" = "stable" ]; then - repo_rev="$ONEDIR_REV" - else - repo_rev="latest" - fi if [ -n "$_PY_EXE" ] && [ "$_PY_MAJOR_VERSION" -ne 3 ]; then echoerror "Python version is no longer supported, only Python 3" return 1 fi - # Avoid using '$releasever' variable for yum. - # Instead, this should work correctly on all RHEL variants. - base_url="${HTTP_VAL}://${_REPO_URL}/${_ONEDIR_DIR}/${__PY_VERSION_REPO}/redhat/${DISTRO_MAJOR_VERSION}/\$basearch/${ONEDIR_REV}/" - if [ "${ONEDIR_REV}" = "nightly" ] ; then - base_url="${HTTP_VAL}://${_REPO_URL}/${_ONEDIR_NIGHTLY_DIR}/${__PY_VERSION_REPO}/redhat/${DISTRO_MAJOR_VERSION}/\$basearch/" - fi - - gpg_key="SALT-PROJECT-GPG-PUBKEY-2023.pub" - - gpg_key_urls="" - for key in $gpg_key; do - gpg_key_urls=$(printf "${base_url}${key},%s" "$gpg_key_urls") - done - - repo_file="/etc/yum.repos.d/salt.repo" - - if [ ! -s "$repo_file" ] || [ "$_FORCE_OVERWRITE" -eq $BS_TRUE ]; then - cat <<_eof > "$repo_file" -[saltstack] -name=SaltStack ${repo_rev} Release Channel for RHEL/CentOS \$releasever -baseurl=${base_url} -skip_if_unavailable=True -gpgcheck=1 -gpgkey=${gpg_key_urls} -enabled=1 -enabled_metadata=1 -_eof - - fetch_url="${HTTP_VAL}://${_REPO_URL}/${_ONEDIR_DIR}/${__PY_VERSION_REPO}/redhat/${DISTRO_MAJOR_VERSION}/${CPU_ARCH_L}/${ONEDIR_REV}/" - if [ "${ONEDIR_REV}" = "nightly" ] ; then - fetch_url="${HTTP_VAL}://${_REPO_URL}/${_ONEDIR_NIGHTLY_DIR}/${__PY_VERSION_REPO}/redhat/${DISTRO_MAJOR_VERSION}/${CPU_ARCH_L}/" + if [ ! -s "$YUM_REPO_FILE" ] || [ "$_FORCE_OVERWRITE" -eq $BS_TRUE ]; then + FETCH_URL="https://github.com/saltstack/salt-install-guide/releases/latest/download/salt.repo" + __fetch_url "${YUM_REPO_FILE}" "${FETCH_URL}" + if [ "$ONEDIR_REV" != "latest" ]; then + # 3006.x is default + REPO_REV_MAJOR=$(echo "$ONEDIR_REV" | cut -d '.' -f 1) + if [ "$REPO_REV_MAJOR" -eq "3007" ]; then + # Enable the Salt 3007 STS repo + dnf config-manager --set-disable salt-repo-* + dnf config-manager --set-enabled salt-repo-3007-sts + fi + else + # Enable the Salt LATEST repo + dnf config-manager --set-disable salt-repo-* + dnf config-manager --set-enabled salt-repo-latest fi - for key in $gpg_key; do - __rpm_import_gpg "${fetch_url}${key}" || return 1 - done - - yum clean metadata || return 1 - elif [ "$repo_rev" != "latest" ]; then + dnf clean expire-cache || return 1 + elif [ "$ONEDIR_REV" != "latest" ]; then echowarn "salt.repo already exists, ignoring salt version argument." - echowarn "Use -F (forced overwrite) to install $repo_rev." + echowarn "Use -F (forced overwrite) to install $ONEDIR_REV." fi return 0 } install_centos_stable_deps() { + if [ "$_UPGRADE_SYS" -eq $BS_TRUE ]; then yum -y update || return 1 fi @@ -4133,6 +4213,7 @@ install_centos_stable_deps() { } install_centos_stable() { + __PACKAGES="" if [ "$_INSTALL_CLOUD" -eq $BS_TRUE ];then @@ -4166,6 +4247,7 @@ install_centos_stable() { } install_centos_stable_post() { + SYSTEMD_RELOAD=$BS_FALSE for fname in api master minion syndic; do @@ -4177,7 +4259,7 @@ install_centos_stable_post() { [ $fname = "minion" ] && [ "$_INSTALL_MINION" -eq $BS_FALSE ] && continue [ $fname = "syndic" ] && [ "$_INSTALL_SYNDIC" -eq $BS_FALSE ] && continue - if [ -f /bin/systemctl ]; then + if [ "$_SYSTEMD_FUNCTIONAL" -eq $BS_TRUE ]; then /bin/systemctl is-enabled salt-${fname}.service > /dev/null 2>&1 || ( /bin/systemctl preset salt-${fname}.service > /dev/null 2>&1 && /bin/systemctl enable salt-${fname}.service > /dev/null 2>&1 @@ -4197,6 +4279,7 @@ install_centos_stable_post() { } install_centos_git_deps() { + # First try stable deps then fall back to onedir deps if that one fails # if we're installing on a Red Hat based host that doesn't have the classic # package repos available. @@ -4242,6 +4325,7 @@ install_centos_git_deps() { } install_centos_git() { + if [ "${_PY_EXE}" != "" ]; then _PYEXE=${_PY_EXE} echoinfo "Using the following python version: ${_PY_EXE} to install salt" @@ -4257,6 +4341,7 @@ install_centos_git() { } install_centos_git_post() { + SYSTEMD_RELOAD=$BS_FALSE for fname in api master minion syndic; do @@ -4273,7 +4358,8 @@ install_centos_git_post() { else _SERVICE_FILE="${_SALT_GIT_CHECKOUT_DIR}/pkg/rpm/salt-${fname}.service" fi - if [ -f /bin/systemctl ]; then + + if [ "$_SYSTEMD_FUNCTIONAL" -eq $BS_TRUE ]; then if [ ! -f "/usr/lib/systemd/system/salt-${fname}.service" ] || \ { [ -f "/usr/lib/systemd/system/salt-${fname}.service" ] && [ "$_FORCE_OVERWRITE" -eq $BS_TRUE ]; }; then __copyfile "${_SERVICE_FILE}" /usr/lib/systemd/system @@ -4297,6 +4383,7 @@ install_centos_git_post() { } install_centos_onedir_deps() { + if [ "$_UPGRADE_SYS" -eq "$BS_TRUE" ]; then yum -y update || return 1 fi @@ -4333,6 +4420,7 @@ install_centos_onedir_deps() { } install_centos_onedir() { + __PACKAGES="" if [ "$_INSTALL_CLOUD" -eq $BS_TRUE ];then @@ -4359,6 +4447,7 @@ install_centos_onedir() { } install_centos_onedir_post() { + SYSTEMD_RELOAD=$BS_FALSE for fname in api master minion syndic; do @@ -4370,7 +4459,7 @@ install_centos_onedir_post() { [ $fname = "minion" ] && [ "$_INSTALL_MINION" -eq $BS_FALSE ] && continue [ $fname = "syndic" ] && [ "$_INSTALL_SYNDIC" -eq $BS_FALSE ] && continue - if [ -f /bin/systemctl ]; then + if [ "$_SYSTEMD_FUNCTIONAL" -eq $BS_TRUE ]; then /bin/systemctl is-enabled salt-${fname}.service > /dev/null 2>&1 || ( /bin/systemctl preset salt-${fname}.service > /dev/null 2>&1 && /bin/systemctl enable salt-${fname}.service > /dev/null 2>&1 @@ -4390,6 +4479,7 @@ install_centos_onedir_post() { } install_centos_restart_daemons() { + [ "$_START_DAEMONS" -eq $BS_FALSE ] && return for fname in api master minion syndic; do @@ -4401,26 +4491,11 @@ install_centos_restart_daemons() { [ $fname = "minion" ] && [ "$_INSTALL_MINION" -eq $BS_FALSE ] && continue [ $fname = "syndic" ] && [ "$_INSTALL_SYNDIC" -eq $BS_FALSE ] && continue - if [ -f /sbin/initctl ] && [ -f /etc/init/salt-${fname}.conf ]; then - # We have upstart support and upstart knows about our service - if ! /sbin/initctl status salt-$fname > /dev/null 2>&1; then - # Everything is in place and upstart gave us an error code? Fail! - return 1 - fi - - # upstart knows about this service. - # Let's try to stop it, and then start it - /sbin/initctl stop salt-$fname > /dev/null 2>&1 - # Restart service - if ! /sbin/initctl start salt-$fname > /dev/null 2>&1; then - # Failed the restart?! - return 1 - fi - elif [ -f /etc/init.d/salt-$fname ]; then + if [ -f /etc/init.d/salt-$fname ]; then # Disable stdin to fix shell session hang on killing tee pipe service salt-$fname stop < /dev/null > /dev/null 2>&1 service salt-$fname start < /dev/null - elif [ -f /usr/bin/systemctl ]; then + elif [ "$_SYSTEMD_FUNCTIONAL" -eq $BS_TRUE ]; then # CentOS 7 uses systemd /usr/bin/systemctl stop salt-$fname > /dev/null 2>&1 /usr/bin/systemctl start salt-$fname.service && continue @@ -4434,21 +4509,25 @@ install_centos_restart_daemons() { } install_centos_testing_deps() { + install_centos_stable_deps || return 1 return 0 } install_centos_testing() { + install_centos_stable || return 1 return 0 } install_centos_testing_post() { + install_centos_stable_post || return 1 return 0 } install_centos_check_services() { + for fname in api master minion syndic; do # Skip salt-api since the service should be opt-in and not necessarily started on boot [ $fname = "api" ] && continue @@ -4460,7 +4539,7 @@ install_centos_check_services() { if [ -f "/etc/init.d/salt-$fname" ]; then __check_services_sysvinit "salt-$fname" || return 1 - elif [ -f /usr/bin/systemctl ]; then + elif [ "$_SYSTEMD_FUNCTIONAL" -eq $BS_TRUE ]; then __check_services_systemd "salt-$fname" || return 1 fi done @@ -4477,286 +4556,343 @@ install_centos_check_services() { # RedHat Install Functions # install_red_hat_linux_stable_deps() { + install_centos_stable_deps || return 1 return 0 } install_red_hat_linux_git_deps() { + install_centos_git_deps || return 1 return 0 } install_red_hat_linux_onedir_deps() { + install_centos_onedir_deps || return 1 return 0 } install_red_hat_enterprise_stable_deps() { + install_red_hat_linux_stable_deps || return 1 return 0 } install_red_hat_enterprise_git_deps() { + install_red_hat_linux_git_deps || return 1 return 0 } install_red_hat_enterprise_onedir_deps() { + install_red_hat_linux_onedir_deps || return 1 return 0 } install_red_hat_enterprise_linux_stable_deps() { + install_red_hat_linux_stable_deps || return 1 return 0 } install_red_hat_enterprise_linux_git_deps() { + install_red_hat_linux_git_deps || return 1 return 0 } install_red_hat_enterprise_linux_onedir_deps() { + install_red_hat_linux_onedir_deps || return 1 return 0 } install_red_hat_enterprise_server_stable_deps() { + install_red_hat_linux_stable_deps || return 1 return 0 } install_red_hat_enterprise_server_git_deps() { + install_red_hat_linux_git_deps || return 1 return 0 } install_red_hat_enterprise_server_onedir_deps() { + install_red_hat_linux_onedir_deps || return 1 return 0 } install_red_hat_enterprise_workstation_stable_deps() { + install_red_hat_linux_stable_deps || return 1 return 0 } install_red_hat_enterprise_workstation_git_deps() { + install_red_hat_linux_git_deps || return 1 return 0 } install_red_hat_enterprise_workstation_onedir_deps() { + install_red_hat_linux_timat_deps || return 1 return 0 } install_red_hat_linux_stable() { + install_centos_stable || return 1 return 0 } install_red_hat_linux_git() { + install_centos_git || return 1 return 0 } install_red_hat_linux_onedir() { + install_centos_onedir || return 1 return 0 } install_red_hat_enterprise_stable() { + install_red_hat_linux_stable || return 1 return 0 } install_red_hat_enterprise_git() { + install_red_hat_linux_git || return 1 return 0 } install_red_hat_enterprise_onedir() { + install_red_hat_linux_onedir || return 1 return 0 } install_red_hat_enterprise_linux_stable() { + install_red_hat_linux_stable || return 1 return 0 } install_red_hat_enterprise_linux_git() { + install_red_hat_linux_git || return 1 return 0 } install_red_hat_enterprise_linux_onedir() { + install_red_hat_linux_onedir || return 1 return 0 } install_red_hat_enterprise_server_stable() { + install_red_hat_linux_stable || return 1 return 0 } install_red_hat_enterprise_server_git() { + install_red_hat_linux_git || return 1 return 0 } install_red_hat_enterprise_server_onedir() { + install_red_hat_linux_onedir || return 1 return 0 } install_red_hat_enterprise_workstation_stable() { + install_red_hat_linux_stable || return 1 return 0 } install_red_hat_enterprise_workstation_git() { + install_red_hat_linux_git || return 1 return 0 } install_red_hat_enterprise_workstation_onedir() { + install_red_hat_linux_onedir || return 1 return 0 } install_red_hat_linux_stable_post() { + install_centos_stable_post || return 1 return 0 } install_red_hat_linux_restart_daemons() { + install_centos_restart_daemons || return 1 return 0 } install_red_hat_linux_git_post() { + install_centos_git_post || return 1 return 0 } install_red_hat_enterprise_stable_post() { + install_red_hat_linux_stable_post || return 1 return 0 } install_red_hat_enterprise_restart_daemons() { + install_red_hat_linux_restart_daemons || return 1 return 0 } install_red_hat_enterprise_git_post() { + install_red_hat_linux_git_post || return 1 return 0 } install_red_hat_enterprise_linux_stable_post() { + install_red_hat_linux_stable_post || return 1 return 0 } install_red_hat_enterprise_linux_restart_daemons() { + install_red_hat_linux_restart_daemons || return 1 return 0 } install_red_hat_enterprise_linux_git_post() { + install_red_hat_linux_git_post || return 1 return 0 } install_red_hat_enterprise_server_stable_post() { + install_red_hat_linux_stable_post || return 1 return 0 } install_red_hat_enterprise_server_restart_daemons() { + install_red_hat_linux_restart_daemons || return 1 return 0 } install_red_hat_enterprise_server_git_post() { + install_red_hat_linux_git_post || return 1 return 0 } install_red_hat_enterprise_workstation_stable_post() { + install_red_hat_linux_stable_post || return 1 return 0 } install_red_hat_enterprise_workstation_restart_daemons() { + install_red_hat_linux_restart_daemons || return 1 return 0 } install_red_hat_enterprise_workstation_git_post() { + install_red_hat_linux_git_post || return 1 return 0 } install_red_hat_linux_testing_deps() { + install_centos_testing_deps || return 1 return 0 } install_red_hat_linux_testing() { + install_centos_testing || return 1 return 0 } install_red_hat_linux_testing_post() { + install_centos_testing_post || return 1 return 0 } install_red_hat_enterprise_testing_deps() { + install_centos_testing_deps || return 1 return 0 } install_red_hat_enterprise_testing() { + install_centos_testing || return 1 return 0 } install_red_hat_enterprise_testing_post() { + install_centos_testing_post || return 1 return 0 } install_red_hat_enterprise_server_testing_deps() { + install_centos_testing_deps || return 1 return 0 } install_red_hat_enterprise_server_testing() { + install_centos_testing || return 1 return 0 } install_red_hat_enterprise_server_testing_post() { + install_centos_testing_post || return 1 return 0 } install_red_hat_enterprise_workstation_testing_deps() { + install_centos_testing_deps || return 1 return 0 } install_red_hat_enterprise_workstation_testing() { + install_centos_testing || return 1 return 0 } install_red_hat_enterprise_workstation_testing_post() { + install_centos_testing_post || return 1 return 0 } @@ -4770,6 +4906,7 @@ install_red_hat_enterprise_workstation_testing_post() { # Oracle Linux Install Functions # install_oracle_linux_stable_deps() { + # Install Oracle's EPEL. if [ "${_EPEL_REPOS_INSTALLED}" -eq $BS_FALSE ]; then _EPEL_REPO=oracle-epel-release-el${DISTRO_MAJOR_VERSION} @@ -5374,12 +5511,6 @@ install_amazon_linux_ami_2_deps() { return 1 fi - if [ "$ITYPE" = "stable" ]; then - repo_rev="$STABLE_REV" - else - repo_rev="latest" - fi - # We need to install yum-utils before doing anything else when installing on # Amazon Linux ECS-optimized images. See issue #974. __yum_install_noinput yum-utils @@ -5390,30 +5521,24 @@ install_amazon_linux_ami_2_deps() { fi if [ $_DISABLE_REPOS -eq $BS_FALSE ] || [ "$_CUSTOM_REPO_URL" != "null" ]; then - __REPO_FILENAME="salt.repo" - PY_PKG_VER=3 - __PY_VERSION_REPO="py3" - repo_label="saltstack-py3-repo" - repo_name="SaltStack Python 3 repo for Amazon Linux 2" - - base_url="$HTTP_VAL://${_REPO_URL}/${_ONEDIR_DIR}/${__PY_VERSION_REPO}/amazon/2/\$basearch/$repo_rev/" - gpg_key="${base_url}SALT-PROJECT-GPG-PUBKEY-2023.gpg" - - # This should prob be refactored to use __install_saltstack_rhel_onedir_repository() - # With args passed in to do the right thing. Reformatted to be more like the - # amazon linux yum file. - if [ ! -s "/etc/yum.repos.d/${__REPO_FILENAME}" ]; then - cat <<_eof > "/etc/yum.repos.d/${__REPO_FILENAME}" -[$repo_label] -name=$repo_name -failovermethod=priority -priority=10 -gpgcheck=1 -gpgkey=$gpg_key -baseurl=$base_url -_eof + if [ ! -s "${YUM_REPO_FILE}" ]; then + FETCH_URL="https://github.com/saltstack/salt-install-guide/releases/latest/download/salt.repo" + __fetch_url "${YUM_REPO_FILE}" "${FETCH_URL}" + if [ "$STABLE_REV" != "latest" ]; then + # 3006.x is default + REPO_REV_MAJOR=$(echo "$STABLE_REV" | cut -d '.' -f 1) + if [ "$REPO_REV_MAJOR" -eq "3007" ]; then + # Enable the Salt 3007 STS repo + dnf config-manager --set-disable salt-repo-* + dnf config-manager --set-enabled salt-repo-3007-sts + fi + else + # Enable the Salt LATEST repo + dnf config-manager --set-disable salt-repo-* + dnf config-manager --set-enabled salt-repo-latest + fi + dnf clean expire-cache || return 1 fi - fi if [ "${_EXTRA_PACKAGES}" != "" ]; then @@ -5429,12 +5554,6 @@ install_amazon_linux_ami_2_onedir_deps() { return 1 fi - if [ "$ITYPE" = "onedir" ]; then - repo_rev="$ONEDIR_REV" - else - repo_rev="latest" - fi - # We need to install yum-utils before doing anything else when installing on # Amazon Linux ECS-optimized images. See issue #974. __yum_install_noinput yum-utils @@ -5445,33 +5564,25 @@ install_amazon_linux_ami_2_onedir_deps() { fi if [ $_DISABLE_REPOS -eq $BS_FALSE ] || [ "$_CUSTOM_REPO_URL" != "null" ]; then - __REPO_FILENAME="salt.repo" - __PY_VERSION_REPO="py3" - PY_PKG_VER=3 - repo_label="saltstack-py3-repo" - repo_name="SaltStack Python 3 repo for Amazon Linux 2" - fi - - base_url="$HTTP_VAL://${_REPO_URL}/${_ONEDIR_DIR}/${__PY_VERSION_REPO}/amazon/2/\$basearch/$repo_rev/" - if [ "${ONEDIR_REV}" = "nightly" ] ; then - base_url="$HTTP_VAL://${_REPO_URL}/${_ONEDIR_NIGHTLY_DIR}/${__PY_VERSION_REPO}/amazon/2/\$basearch/" - fi - - gpg_key="${base_url}SALT-PROJECT-GPG-PUBKEY-2023.pub" - - # With args passed in to do the right thing. Reformatted to be more like the - # amazon linux yum file. - if [ ! -s "/etc/yum.repos.d/${__REPO_FILENAME}" ]; then - cat <<_eof > "/etc/yum.repos.d/${__REPO_FILENAME}" -[$repo_label] -name=$repo_name -failovermethod=priority -priority=10 -gpgcheck=1 -gpgkey=$gpg_key -baseurl=$base_url -_eof + if [ ! -s "${YUM_REPO_FILE}" ]; then + FETCH_URL="https://github.com/saltstack/salt-install-guide/releases/latest/download/salt.repo" + __fetch_url "${YUM_REPO_FILE}" "${FETCH_URL}" + if [ "$ONEDIR_REV" != "latest" ]; then + # 3006.x is default + REPO_REV_MAJOR=$(echo "$ONEDIR_REV" | cut -d '.' -f 1) + if [ "$REPO_REV_MAJOR" -eq "3007" ]; then + # Enable the Salt 3007 STS repo + dnf config-manager --set-disable salt-repo-* + dnf config-manager --set-enabled salt-repo-3007-sts + fi + else + # Enable the Salt LATEST repo + dnf config-manager --set-disable salt-repo-* + dnf config-manager --set-enabled salt-repo-latest + fi + dnf clean expire-cache || return 1 fi + fi if [ "${_EXTRA_PACKAGES}" != "" ]; then echoinfo "Installing the following extra packages as requested: ${_EXTRA_PACKAGES}" @@ -5569,11 +5680,6 @@ install_amazon_linux_ami_2023_git_deps() { } install_amazon_linux_ami_2023_onedir_deps() { - if [ "$ITYPE" = "onedir" ]; then - repo_rev="$ONEDIR_REV" - else - repo_rev="latest" - fi # We need to install yum-utils before doing anything else when installing on # Amazon Linux ECS-optimized images. See issue #974. @@ -5584,33 +5690,24 @@ install_amazon_linux_ami_2023_onedir_deps() { yum -y update || return 1 fi - if [ "$_DISABLE_REPOS" -eq $BS_FALSE ] || [ "$_CUSTOM_REPO_URL" != "null" ]; then - __REPO_FILENAME="salt.repo" - __PY_VERSION_REPO="py3" - PY_PKG_VER=3 - repo_label="saltstack-py3-repo" - repo_name="SaltStack Python 3 repo for Amazon Linux 2023" - - base_url="$HTTP_VAL://${_REPO_URL}/${_ONEDIR_DIR}/${__PY_VERSION_REPO}/amazon/2023/\$basearch/$repo_rev/" - if [ "${ONEDIR_REV}" = "nightly" ] ; then - base_url="$HTTP_VAL://${_REPO_URL}/${_ONEDIR_NIGHTLY_DIR}/${__PY_VERSION_REPO}/amazon/2023/\$basearch/" - fi - - gpg_key="${base_url}SALT-PROJECT-GPG-PUBKEY-2023.pub" - - # This should prob be refactored to use __install_saltstack_rhel_onedir_repository() - # With args passed in to do the right thing. Reformatted to be more like the - # amazon linux yum file. - if [ ! -s "/etc/yum.repos.d/${__REPO_FILENAME}" ]; then - cat <<_eof > "/etc/yum.repos.d/${__REPO_FILENAME}" -[$repo_label] -name=$repo_name -failovermethod=priority -priority=10 -gpgcheck=1 -gpgkey=$gpg_key -baseurl=$base_url -_eof + if [ $_DISABLE_REPOS -eq $BS_FALSE ] || [ "$_CUSTOM_REPO_URL" != "null" ]; then + if [ ! -s "${YUM_REPO_FILE}" ]; then + FETCH_URL="https://github.com/saltstack/salt-install-guide/releases/latest/download/salt.repo" + __fetch_url "${YUM_REPO_FILE}" "${FETCH_URL}" + if [ "$ONEDIR_REV" != "latest" ]; then + # 3006.x is default + REPO_REV_MAJOR=$(echo "$ONEDIR_REV" | cut -d '.' -f 1) + if [ "$REPO_REV_MAJOR" -eq "3007" ]; then + # Enable the Salt 3007 STS repo + dnf config-manager --set-disable salt-repo-* + dnf config-manager --set-enabled salt-repo-3007-sts + fi + else + # Enable the Salt LATEST repo + dnf config-manager --set-disable salt-repo-* + dnf config-manager --set-enabled salt-repo-latest + fi + dnf clean expire-cache || return 1 fi fi @@ -5806,7 +5903,7 @@ install_arch_linux_post() { # Skip salt-api since the service should be opt-in and not necessarily started on boot [ $fname = "api" ] && continue - if [ -f /usr/bin/systemctl ]; then + if [ "$_SYSTEMD_FUNCTIONAL" -eq $BS_TRUE ]; then # Using systemd /usr/bin/systemctl is-enabled salt-$fname.service > /dev/null 2>&1 || ( /usr/bin/systemctl preset salt-$fname.service > /dev/null 2>&1 && @@ -5837,7 +5934,7 @@ install_arch_linux_git_post() { _SERVICE_DIR="${_SALT_GIT_CHECKOUT_DIR}/pkg/rpm" fi - if [ -f /usr/bin/systemctl ]; then + if [ "$_SYSTEMD_FUNCTIONAL" -eq $BS_TRUE ]; then __copyfile "${_SERVICE_DIR}/salt-${fname}.service" "/lib/systemd/system/salt-${fname}.service" # Skip salt-api since the service should be opt-in and not necessarily started on boot @@ -5870,7 +5967,7 @@ install_arch_linux_restart_daemons() { [ $fname = "minion" ] && [ "$_INSTALL_MINION" -eq $BS_FALSE ] && continue [ $fname = "syndic" ] && [ "$_INSTALL_SYNDIC" -eq $BS_FALSE ] && continue - if [ -f /usr/bin/systemctl ]; then + if [ "$_SYSTEMD_FUNCTIONAL" -eq $BS_TRUE ]; then /usr/bin/systemctl stop salt-$fname.service > /dev/null 2>&1 /usr/bin/systemctl start salt-$fname.service && continue echodebug "Failed to start salt-$fname using systemd" @@ -5886,7 +5983,7 @@ install_arch_linux_restart_daemons() { } install_arch_check_services() { - if [ ! -f /usr/bin/systemctl ]; then + if [ "$_SYSTEMD_FUNCTIONAL" -eq $BS_TRUE ]; then # Not running systemd!? Don't check! return 0 fi @@ -5935,32 +6032,59 @@ __install_saltstack_photon_onedir_repository() { return 1 fi - if [ "$ITYPE" = "stable" ]; then - REPO_REV="$ONEDIR_REV" - else - REPO_REV="latest" - fi - - __PY_VERSION_REPO="py3" - REPO_FILE="/etc/yum.repos.d/salt.repo" - - if [ ! -s "$REPO_FILE" ] || [ "$_FORCE_OVERWRITE" -eq $BS_TRUE ]; then - ## salt repo 4 & 5 have issues, need the Major version dot Zero, eg: 4.0, 5.0 - FETCH_URL="${HTTP_VAL}://${_REPO_URL}/${_ONEDIR_DIR}/${__PY_VERSION_REPO}/photon/${DISTRO_MAJOR_VERSION}.0/${CPU_ARCH_L}/${ONEDIR_REV}" - if [ "${ONEDIR_REV}" = "nightly" ] ; then - FETCH_URL="${HTTP_VAL}://${_REPO_URL}/${_ONEDIR_NIGHTLY_DIR}/${__PY_VERSION_REPO}/photon/${DISTRO_MAJOR_VERSION}.0/${CPU_ARCH_L}/" + if [ ! -s "$YUM_REPO_FILE" ] || [ "$_FORCE_OVERWRITE" -eq $BS_TRUE ]; then + ## Photon tdnf doesn't support config-manager + ## FETCH_URL="https://github.com/saltstack/salt-install-guide/releases/latest/download/salt.repo" + ## __fetch_url "${YUM_REPO_FILE}" "${FETCH_URL}" + # shellcheck disable=SC2129 + if [ "$ONEDIR_REV" != "latest" ]; then + # 3006.x is default + REPO_REV_MAJOR=$(echo "$ONEDIR_REV" | cut -d '.' -f 1) + if [ "$REPO_REV_MAJOR" -eq "3007" ]; then + # Enable the Salt 3007 STS repo + ## tdnf config-manager --set-disable salt-repo-* + ## tdnf config-manager --set-enabled salt-repo-3007-sts + echo "[salt-repo-3007-sts]" > "${YUM_REPO_FILE}" + echo "name=Salt Repo for Salt v3007 STS" >> "${YUM_REPO_FILE}" + echo "baseurl=https://packages.broadcom.com/artifactory/saltproject-rpm/" >> "${YUM_REPO_FILE}" + echo "skip_if_unavailable=True" >> "${YUM_REPO_FILE}" + echo "priority=10" >> "${YUM_REPO_FILE}" + echo "enabled=1" >> "${YUM_REPO_FILE}" + echo "enabled_metadata=1" >> "${YUM_REPO_FILE}" + echo "gpgcheck=1" >> "${YUM_REPO_FILE}" + echo "exclude=*3006* *3008* *3009* *3010*" >> "${YUM_REPO_FILE}" + echo "gpgkey=https://packages.broadcom.com/artifactory/api/security/keypair/SaltProjectKey/public" >> "${YUM_REPO_FILE}" + else + # Salt 3006 repo + echo "[salt-repo-3006-lts]" > "${YUM_REPO_FILE}" + echo "name=Salt Repo for Salt v3006 LTS" >> "${YUM_REPO_FILE}" + echo "baseurl=https://packages.broadcom.com/artifactory/saltproject-rpm/" >> "${YUM_REPO_FILE}" + echo "skip_if_unavailable=True" >> "${YUM_REPO_FILE}" + echo "priority=10" >> "${YUM_REPO_FILE}" + echo "enabled=1" >> "${YUM_REPO_FILE}" + echo "enabled_metadata=1" >> "${YUM_REPO_FILE}" + echo "gpgcheck=1" >> "${YUM_REPO_FILE}" + echo "exclude=*3007* *3008* *3009* *3010*" >> "${YUM_REPO_FILE}" + echo "gpgkey=https://packages.broadcom.com/artifactory/api/security/keypair/SaltProjectKey/public" >> "${YUM_REPO_FILE}" + fi + else + # Enable the Salt LATEST repo + ## tdnf config-manager --set-disable salt-repo-* + ## tdnf config-manager --set-enabled salt-repo-latest + echo "[salt-repo-latest]" > "${YUM_REPO_FILE}" + echo "name=Salt Repo for Salt LATEST release" >> "${YUM_REPO_FILE}" + echo "baseurl=https://packages.broadcom.com/artifactory/saltproject-rpm/" >> "${YUM_REPO_FILE}" + echo "skip_if_unavailable=True" >> "${YUM_REPO_FILE}" + echo "priority=10" >> "${YUM_REPO_FILE}" + echo "enabled=1" >> "${YUM_REPO_FILE}" + echo "enabled_metadata=1" >> "${YUM_REPO_FILE}" + echo "gpgcheck=1" >> "${YUM_REPO_FILE}" + echo "gpgkey=https://packages.broadcom.com/artifactory/api/security/keypair/SaltProjectKey/public" >> "${YUM_REPO_FILE}" fi - - __fetch_url "${REPO_FILE}" "${FETCH_URL}.repo" - - GPG_KEY="SALT-PROJECT-GPG-PUBKEY-2023.pub" - - __rpm_import_gpg "${FETCH_URL}/${GPG_KEY}" || return 1 - tdnf makecache || return 1 - elif [ "$REPO_REV" != "latest" ]; then + elif [ "$ONEDIR_REV" != "latest" ]; then echowarn "salt.repo already exists, ignoring salt version argument." - echowarn "Use -F (forced overwrite) to install $REPO_REV." + echowarn "Use -F (forced overwrite) to install $ONEDIR_REV." fi return 0 @@ -6454,7 +6578,7 @@ install_opensuse_stable_post() { [ $fname = "minion" ] && [ "$_INSTALL_MINION" -eq $BS_FALSE ] && continue [ $fname = "syndic" ] && [ "$_INSTALL_SYNDIC" -eq $BS_FALSE ] && continue - if [ -f /bin/systemctl ] || [ -f /usr/bin/systemctl ]; then + if [ "$_SYSTEMD_FUNCTIONAL" -eq $BS_TRUE ]; then systemctl is-enabled salt-$fname.service || (systemctl preset salt-$fname.service && systemctl enable salt-$fname.service) sleep 1 systemctl daemon-reload @@ -6477,7 +6601,7 @@ install_opensuse_git_post() { [ $fname = "minion" ] && [ "$_INSTALL_MINION" -eq $BS_FALSE ] && continue [ $fname = "syndic" ] && [ "$_INSTALL_SYNDIC" -eq $BS_FALSE ] && continue - if command -v systemctl; then + if [ "$_SYSTEMD_FUNCTIONAL" -eq $BS_TRUE ]; then use_usr_lib=$BS_FALSE if [ "${DISTRO_MAJOR_VERSION}" -ge 15 ]; then @@ -6529,7 +6653,7 @@ install_opensuse_restart_daemons() { [ $fname = "minion" ] && [ "$_INSTALL_MINION" -eq $BS_FALSE ] && continue [ $fname = "syndic" ] && [ "$_INSTALL_SYNDIC" -eq $BS_FALSE ] && continue - if [ -f /bin/systemctl ]; then + if [ "$_SYSTEMD_FUNCTIONAL" -eq $BS_TRUE ]; then systemctl stop salt-$fname > /dev/null 2>&1 systemctl start salt-$fname.service && continue echodebug "Failed to start salt-$fname using systemd" @@ -6545,7 +6669,7 @@ install_opensuse_restart_daemons() { } install_opensuse_check_services() { - if [ ! -f /bin/systemctl ]; then + if [ "$_SYSTEMD_FUNCTIONAL" -eq $BS_TRUE ]; then # Not running systemd!? Don't check! return 0 fi @@ -7131,58 +7255,77 @@ daemons_running_voidlinux() { # OS X / Darwin Install Functions # -__parse_repo_json_python() { - - # Using latest, grab the right - # version from the repo.json - _JSON_VERSION=$(python - <<-EOF -import json, urllib.request -url = "https://repo.saltproject.io/salt/py3/macos/repo.json" -response = urllib.request.urlopen(url) -data = json.loads(response.read()) -version = data["${_ONEDIR_REV}"][list(data["${_ONEDIR_REV}"])[0]]['version'] -print(version) -EOF -) -echo "${_JSON_VERSION}" +#--- FUNCTION ------------------------------------------------------------------------------------------------------- +# NAME: __macosx_get_packagesite_onedir_latest +# DESCRIPTION: Set _PKG_VERSION to the latest for MacOS +#---------------------------------------------------------------------------------------------------------------------- +__macosx_get_packagesite_onedir_latest() { + + echodebug "Find latest MacOS release from repository" + + # get dir listing from url, sort and pick highest + macos_versions_tmpdir=$(mktemp -d) + curr_pwd=$(pwd) + cd ${macos_versions_tmpdir} || return 1 + wget -r -np -nH --exclude-directories=onedir,relenv,windows -x -l 1 "$SALT_MACOS_PKGDIR_URL/" + # shellcheck disable=SC2010 + _PKG_VERSION=$(ls artifactory/saltproject-generic/macos/ | grep -v 'index.html' | sort -V -u | tail -n 1) + cd ${curr_pwd} || return "${_PKG_VERSION}" + rm -fR ${macos_versions_tmpdir} + + echodebug "latest MacOS release from repository found ${_PKG_VERSION}" + } + __macosx_get_packagesite_onedir() { + + echodebug "Get package site for onedir from repository" + if [ -n "$_PY_EXE" ] && [ "$_PY_MAJOR_VERSION" -ne 3 ]; then echoerror "Python version is no longer supported, only Python 3" return 1 fi DARWIN_ARCH=${CPU_ARCH_L} + _PKG_VERSION="" + _ONEDIR_TYPE="saltproject-generic" + SALT_MACOS_PKGDIR_URL="https://${_REPO_URL}/${_ONEDIR_TYPE}/macos" if [ "$(echo "$_ONEDIR_REV" | grep -E '^(latest)$')" != "" ]; then - _PKG_VERSION=$(__parse_repo_json_python) + __macosx_get_packagesite_onedir_latest elif [ "$(echo "$_ONEDIR_REV" | grep -E '^([3-9][0-9]{3}(\.[0-9]*))')" != "" ]; then _PKG_VERSION=$_ONEDIR_REV else - _PKG_VERSION=$(__parse_repo_json_python) + __macosx_get_packagesite_onedir_latest fi - PKG="salt-${_PKG_VERSION}-${__PY_VERSION_REPO}-${DARWIN_ARCH}.pkg" - SALTPKGCONFURL="https://${_REPO_URL}/${_ONEDIR_DIR}/${__PY_VERSION_REPO}/macos/${ONEDIR_REV}/${PKG}" + PKG="salt-${_PKG_VERSION}-py3-${DARWIN_ARCH}.pkg" + SALTPKGCONFURL="${SALT_MACOS_PKGDIR_URL}/${_PKG_VERSION}/${PKG}" + + } __configure_macosx_pkg_details_onedir() { + __macosx_get_packagesite_onedir || return 1 return 0 } install_macosx_stable_deps() { + __configure_macosx_pkg_details_onedir || return 1 return 0 } install_macosx_onedir_deps() { + __configure_macosx_pkg_details_onedir || return 1 return 0 } install_macosx_git_deps() { + install_macosx_stable_deps || return 1 if ! echo "$PATH" | grep -q /usr/local/bin; then @@ -7208,6 +7351,7 @@ install_macosx_git_deps() { } install_macosx_stable() { + install_macosx_stable_deps || return 1 __fetch_url "/tmp/${PKG}" "${SALTPKGCONFURL}" || return 1 @@ -7218,6 +7362,7 @@ install_macosx_stable() { } install_macosx_onedir() { + install_macosx_onedir_deps || return 1 __fetch_url "/tmp/${PKG}" "${SALTPKGCONFURL}" || return 1 @@ -7229,6 +7374,7 @@ install_macosx_onedir() { install_macosx_git() { + if [ -n "$_PY_EXE" ]; then _PYEXE="${_PY_EXE}" else @@ -7241,6 +7387,7 @@ install_macosx_git() { } install_macosx_stable_post() { + if [ ! -f /etc/paths.d/salt ]; then print "%s\n" "/opt/salt/bin" "/usr/local/sbin" > /etc/paths.d/salt fi @@ -7256,16 +7403,19 @@ install_macosx_stable_post() { } install_macosx_onedir_post() { + install_macosx_stable_post || return 1 return 0 } install_macosx_git_post() { + install_macosx_stable_post || return 1 return 0 } install_macosx_restart_daemons() { + [ "$_START_DAEMONS" -eq $BS_FALSE ] && return if [ "$_INSTALL_MINION" -eq $BS_TRUE ]; then @@ -7291,6 +7441,7 @@ install_macosx_restart_daemons() { # the -c options is passed. # config_salt() { + # If the configuration directory is not passed, return [ "$_TEMP_CONFIG_DIR" = "null" ] && return @@ -7452,6 +7603,7 @@ config_salt() { # as long as the -k option is passed. # preseed_master() { + # Create the PKI directory if [ "$(find "$_TEMP_KEYS_DIR" -maxdepth 1 -type f | wc -l)" -lt 1 ]; then @@ -7486,6 +7638,7 @@ preseed_master() { # This function checks if all of the installed daemons are running or not. # daemons_running_onedir() { + [ "$_START_DAEMONS" -eq $BS_FALSE ] && return 0 FAILED_DAEMONS=0 @@ -7523,6 +7676,7 @@ daemons_running_onedir() { # This function checks if all of the installed daemons are running or not. # daemons_running() { + [ "$_START_DAEMONS" -eq $BS_FALSE ] && return 0 FAILED_DAEMONS=0 diff --git a/kitchen.macos.yml b/kitchen.macos.yml deleted file mode 100644 index 616a489e0..000000000 --- a/kitchen.macos.yml +++ /dev/null @@ -1,42 +0,0 @@ ---- -driver: - name: exec - -provisioner: - sudo: true - salt_bootstrap_options: -MP stable %s - init_environment: | - echo 'auto_accept: true' > /tmp/auto-accept-keys.conf - sudo mkdir -p /etc/salt/master.d - sudo mv /tmp/auto-accept-keys.conf /etc/salt/master.d/auto-accept-keys.conf - brew install coreutils - sh -c 't=$(gshuf -i 1-15 -n 1); echo Sleeping $t seconds; sleep $t' - -platforms: - - name: macos-12 - - name: macos-13 - -suites: - - name: stable-3006 - provisioner: - salt_version: 3006 - salt_call_command: /opt/salt/salt-call - - name: stable-3006-8 - provisioner: - salt_version: 3006.8 - salt_call_command: /opt/salt/salt-call - - name: stable-3007 - provisioner: - salt_version: 3007 - salt_call_command: /opt/salt/salt-call - - name: stable-3007-1 - provisioner: - salt_version: 3007.1 - salt_call_command: /opt/salt/salt-call - - name: latest - provisioner: - salt_version: latest - salt_call_command: /opt/salt/salt-call - -verifier: - command: pytest --cache-clear -v -s -ra --log-cli-level=debug -k "not test_ping" tests/integration/ diff --git a/kitchen.windows.yml b/kitchen.windows.yml deleted file mode 100644 index a2b88e2e3..000000000 --- a/kitchen.windows.yml +++ /dev/null @@ -1,42 +0,0 @@ ---- -driver: - name: proxy - host: localhost - reset_command: "exit 0" - port: 5985 - username: kitchen - password: Password1 - -provisioner: - salt_bootstrap_url: D:/a/salt-bootstrap/salt-bootstrap/bootstrap-salt.ps1 - salt_bootstrap_options: -Version %s -Verbose - init_environment: '' - -platforms: - - name: windows-2022 - - name: windows-2019 - -suites: - - name: stable-3006 - provisioner: - salt_version: 3006 - salt_call_command: c:\Program Files\Salt Project\Salt\salt-call.exe - - name: stable-3006-8 - provisioner: - salt_version: 3006.8 - salt_call_command: c:\Program Files\Salt Project\Salt\salt-call.exe - - name: stable-3007 - provisioner: - salt_version: 3007 - salt_call_command: c:\Program Files\Salt Project\Salt\salt-call.exe - - name: stable-3007-1 - provisioner: - salt_version: 3007.1 - salt_call_command: c:\Program Files\Salt Project\Salt\salt-call.exe - - name: latest - provisioner: - salt_version: latest - salt_call_command: c:\Program Files\Salt Project\Salt\salt-call.exe - -verifier: - command: pytest --cache-clear -v -s -ra --log-cli-level=debug -k "not test_ping" tests/integration/ diff --git a/kitchen.yml b/kitchen.yml deleted file mode 100644 index 62cc73808..000000000 --- a/kitchen.yml +++ /dev/null @@ -1,296 +0,0 @@ ---- -driver: - name: docker - use_sudo: false - hostname: salt - privileged: true - username: root - cap_add: - - sys_admin - disable_upstart: false - use_internal_docker_network: false - run_command: /usr/lib/systemd/systemd - -provisioner: - name: salt_solo - salt_install: bootstrap - salt_bootstrap_url: bootstrap-salt.sh - salt_bootstrap_options: -MPfq git %s - install_after_init_environment: true - log_level: info - sudo: false - require_chef: false - formula: tests - run_salt_call: false - init_environment: | - echo 'auto_accept: true' > /tmp/auto-accept-keys.conf - mkdir -p /etc/salt/master.d - mv /tmp/auto-accept-keys.conf /etc/salt/master.d/auto-accept-keys.conf - sh -c 't=$(shuf -i 1-15 -n 1); echo Sleeping $t seconds; sleep $t' - - -## - name: amazon-2023 -## driver: -## image: amazonlinux:2023 -## provision_command: -## - yum -y install --allowerasing procps-ng curl -## - echo "PubkeyAcceptedAlgorithms +ssh-rsa" | tee -a /etc/ssh/sshd_config - -## - name: opensuse-tumbleweed -## driver: -## image: opensuse/tumbleweed:latest -## provision_command: -## - *opensuse_provision_command_01 -## - *opensuse_provision_command_02 -## - *opensuse_provision_command_03 -## - echo "PubkeyAcceptedAlgorithms +ssh-rsa" | tee -a /etc/ssh/sshd_config - -platforms: - - name: almalinux-9 - driver: - provision_command: - - dnf -y install crypto-policies-scripts procps-ng - - update-crypto-policies --set DEFAULT:SHA1 - - echo "PubkeyAcceptedAlgorithms +ssh-rsa" | tee -a /etc/ssh/sshd_config - - name: almalinux-8 - - name: amazon-2 - driver: - image: amazonlinux:2 - platform: rhel - provision_command: - - yum -y install procps-ng - - name: arch - driver: - image: archlinux/archlinux - provision_command: - - pacman -Syu --noconfirm --needed systemd grep awk procps which - - systemctl enable sshd - - echo "PubkeyAcceptedAlgorithms +ssh-rsa" | tee -a /etc/ssh/sshd_config - - name: centos-stream9 - driver: - platform: centosstream - image: quay.io/centos/centos:stream9 - provision_command: - - dnf -y install crypto-policies-scripts procps-ng - - update-crypto-policies --set DEFAULT:SHA1 - - echo "PubkeyAcceptedAlgorithms +ssh-rsa" | tee -a /etc/ssh/sshd_config - - name: debian-11 - driver: - image: debian:bullseye - run_command: /lib/systemd/systemd - - name: debian-12 - driver: - image: debian:bookworm - run_command: /lib/systemd/systemd - provision_command: - - echo "PubkeyAcceptedAlgorithms +ssh-rsa" | tee -a /etc/ssh/sshd_config - - name: fedora-39 - driver: - provision_command: &fedora_provision_command - - dnf -y install procps-ng crypto-policies-scripts - - update-crypto-policies --set LEGACY - - name: fedora-40 - driver: - provision_command: *fedora_provision_command - - name: gentoo - driver: - image: gentoo/stage3:latest - run_command: /sbin/init - provision_command: - - rc-update add sshd default - - echo "PubkeyAcceptedAlgorithms +ssh-rsa" | tee -a /etc/ssh/sshd_config - - name: gentoo-systemd - driver: - image: gentoo/stage3:systemd - run_command: /lib/systemd/systemd - provision_command: - - systemctl enable sshd.service - - echo "PubkeyAcceptedAlgorithms +ssh-rsa" | tee -a /etc/ssh/sshd_config - - name: opensuse-15 - driver: - image: opensuse/leap:15.4 - provision_command: - - &opensuse_provision_command_01 zypper --non-interactive install --auto-agree-with-licenses dbus-1 - - &opensuse_provision_command_02 zypper --non-interactive install --auto-agree-with-licenses sudo openssh which curl systemd - - &opensuse_provision_command_03 systemctl enable sshd.service - - name: rockylinux-9 - driver: - platform: centosstream - run_command: /usr/lib/systemd/systemd - provision_command: - - dnf -y install crypto-policies-scripts procps-ng - - update-crypto-policies --set DEFAULT:SHA1 - - echo "PubkeyAcceptedAlgorithms +ssh-rsa" | tee -a /etc/ssh/sshd_config - - name: oraclelinux-9 - driver: - run_command: /usr/lib/systemd/systemd - provision_command: - - dnf -y install crypto-policies-scripts procps-ng - - update-crypto-policies --set DEFAULT:SHA1 - - echo "PubkeyAcceptedAlgorithms +ssh-rsa" | tee -a /etc/ssh/sshd_config - - name: rockylinux-8 - - name: oraclelinux-8 - - name: ubuntu-24.04 - driver: - run_command: /lib/systemd/systemd - provision_command: - - echo "PubkeyAcceptedAlgorithms +ssh-rsa" | tee -a /etc/ssh/sshd_config - - name: ubuntu-22.04 - driver: - run_command: /lib/systemd/systemd - provision_command: - - echo "PubkeyAcceptedAlgorithms +ssh-rsa" | tee -a /etc/ssh/sshd_config - - name: ubuntu-20.04 - driver: - run_command: /lib/systemd/systemd - - name: photon-4 - driver: - image: photon:4.0 - provision_command: - - tdnf -y install rpm procps-ng coreutils gawk systemd - - echo "PubkeyAcceptedKeyTypes +ssh-rsa" | tee -a /etc/ssh/sshd_config - - sed -ie 's/PermitRootLogin no/PermitRootLogin yes/' /etc/ssh/sshd_config - - systemctl enable sshd.service - - name: photon-5 - driver: - image: photon:5.0 - provision_command: - - tdnf -y install rpm procps-ng coreutils gawk systemd - - echo "PubkeyAcceptedKeyTypes +ssh-rsa" | tee -a /etc/ssh/sshd_config - - sed -ie 's/PermitRootLogin no/PermitRootLogin yes/' /etc/ssh/sshd_config - - systemctl enable sshd.service - -suites: - - name: git-3006 - provisioner: - salt_version: v3006 - salt_bootstrap_options: -x python3 -MPfq git %s - excludes: - - opensuse-15 - - opensuse-tumbleweed - - debian-11 - - debian-12 - - arch - - gentoo - - gentoo-systemd - - name: git-3006x - provisioner: - salt_version: 3006.x - salt_bootstrap_options: -x python3 -MPfq git %s - excludes: - - opensuse-15 - - opensuse-tumbleweed - - debian-11 - - debian-12 - - arch - - gentoo - - gentoo-systemd - - name: git-3007 - provisioner: - salt_version: v3007 - salt_bootstrap_options: -x python3 -MPfq git %s - excludes: - - opensuse-15 - - opensuse-tumbleweed - - debian-11 - - arch - - gentoo - - gentoo-systemd - - name: git-3007x - provisioner: - salt_version: 3007.x - salt_bootstrap_options: -x python3 -MPfq git %s - excludes: - - opensuse-15 - - opensuse-tumbleweed - - debian-11 - - arch - - gentoo - - gentoo-systemd - - name: stable-3006 - provisioner: - salt_version: 3006 - salt_bootstrap_options: -x python3 -MP stable %s - excludes: - - opensuse-15 - - opensuse-tumbleweed - - arch - - name: stable-3006-8 - provisioner: - salt_version: 3006.8 - salt_bootstrap_options: -x python3 -MP stable %s - excludes: - - opensuse-15 - - opensuse-tumbleweed - - arch - - name: stable-3007 - provisioner: - salt_version: 3007 - salt_bootstrap_options: -x python3 -MP stable %s - excludes: - - opensuse-15 - - opensuse-tumbleweed - - arch - - name: stable-3007-1 - provisioner: - salt_version: 3007.1 - salt_bootstrap_options: -x python3 -MP stable %s - excludes: - - opensuse-15 - - opensuse-tumbleweed - - arch - - name: git-master - provisioner: - salt_version: master - salt_bootstrap_options: -x python3 -MPfq -D git %s - - - name: latest - provisioner: - salt_version: latest - salt_bootstrap_options: -MP stable %s - - - name: default - provisioner: - salt_version: latest - salt_bootstrap_options: -MP - - - name: onedir-nightly - provisioner: - salt_version: nightly - salt_bootstrap_options: -MP onedir %s - - - name: onedir-latest - provisioner: - salt_version: latest - salt_bootstrap_options: -MP onedir %s - - - name: onedir-3006 - provisioner: - salt_version: 3006 - salt_bootstrap_options: -MP onedir %s - - - name: onedir-3007 - provisioner: - salt_version: 3007 - salt_bootstrap_options: -MP onedir %s - - - name: onedir-rc-3008-0rc1 - provisioner: - salt_version: 3008.0rc1 - salt_bootstrap_options: -R staging.repo.saltproject.io -MP onedir_rc %s - excludes: - - arch - - gentoo - - opensuse-15 - - opensuse-tumbleweed - - ubuntu-2004 - - ubuntu-2204 - - - name: quickstart - provisioner: - salt_bootstrap_options: -Q - -verifier: - name: shell - remote_exec: false - command: pytest --cache-clear -v -s -ra --log-cli-level=info tests/integration/ diff --git a/salt-quick-start.sh b/salt-quick-start.sh index 8449abbf0..d4727ed27 100755 --- a/salt-quick-start.sh +++ b/salt-quick-start.sh @@ -1,7 +1,7 @@ #!/bin/sh __ScriptName="salt-quick-start.sh" -SALT_REPO_URL="https://repo.saltproject.io/salt/py3/onedir" +SALT_REPO_URL="https://packages.broadcom.com/artifactory/salt-project-generic/onedir" _COLORS=${QS_COLORS:-$(tput colors 2>/dev/null || echo 0)} _LOCAL=0 @@ -89,8 +89,20 @@ if [[ "$_LOCAL" == "1" && "$_FULL" == "1" ]]; then fi __parse_repo_json_jq() { - _JSON_FILE="${SALT_REPO_URL}/repo.json" - _JSON_VERSION=$(curl -s ${_JSON_FILE} | jq -sr ".[].latest[] | select(.os == \"$1\") | select(.arch == \"$2\").version") + + # $1 is OS_NAME + # $2 is ARCH + + # get dir listing from url, sort and pick highest + onedir_versions_tmpf=$(mktemp) + curr_pwd=$(pwd) + cd ${onedir_versions_tmpf} || return 1 + wget -r -np -nH --exclude-directories=onedir,relenv,windows -x -l 1 "$SALT_REPO_URL/" + # shellcheck disable=SC2010 + LATEST_VERSION=$(ls artifactory/saltproject-generic/onedir/ | grep -v 'index.html' | sort -V -u | tail -n 1) + cd ${curr_pwd} || return "${LATEST_VERSION}" + rm -fR ${onedir_versions_tmpf} + _JSON_VERSION="${LATEST_VERSION}" } __fetch_url() { @@ -146,7 +158,7 @@ fi __parse_repo_json_jq ${OS_NAME} ${CPU_ARCH_L} FILE="salt-${_JSON_VERSION}-onedir-${OS_NAME_L}-${CPU_ARCH_L}.tar.xz" -URL="${SALT_REPO_URL}/latest/${FILE}" +URL="${SALT_REPO_URL}/${_JSON_VERSION}/${FILE}" if [[ ! -f ${FILE} ]]; then echoinfo "Downloading Salt" diff --git a/tests/conftest.py b/tests/conftest.py index 864307c03..154b257c0 100644 --- a/tests/conftest.py +++ b/tests/conftest.py @@ -1,43 +1,12 @@ -import logging +import json import os -import pprint import pytest -import testinfra +import requests -log = logging.getLogger(__name__) - - -@pytest.fixture(scope="session") -def host(): - if ( - os.environ.get("RUNNER_OS", "") == "macOS" - and os.environ.get("KITCHEN_LOCAL_YAML", "") == "kitchen.macos.yml" - ): - # Adjust the `PATH` so that the `salt-call` executable can be found - os.environ["PATH"] = "/opt/salt/bin{}{}".format(os.pathsep, os.environ["PATH"]) - return testinfra.get_host("local://", sudo=True) - - if os.environ.get("KITCHEN_USERNAME") == "vagrant" or "windows" in os.environ.get( - "KITCHEN_INSTANCE" - ): - if "windows" in os.environ.get("KITCHEN_INSTANCE"): - _url = "winrm://{KITCHEN_USERNAME}:{KITCHEN_PASSWORD}@{KITCHEN_HOSTNAME}:{KITCHEN_PORT}".format( - **os.environ - ) - return testinfra.get_host( - _url, - no_ssl=True, - ) - return testinfra.get_host( - "paramiko://{KITCHEN_USERNAME}@{KITCHEN_HOSTNAME}:{KITCHEN_PORT}".format( - **os.environ - ), - ssh_identity_file=os.environ.get("KITCHEN_SSH_KEY"), - ) - return testinfra.get_host( - "docker://{KITCHEN_USERNAME}@{KITCHEN_CONTAINER_ID}".format(**os.environ) - ) +API_URL = ( + "https://packages.broadcom.com/artifactory/api/storage/saltproject-generic/windows" +) @pytest.fixture(scope="session") @@ -47,21 +16,26 @@ def target_python_version(): @pytest.fixture(scope="session") def target_salt_version(): - bootstrap_types = ("git", "stable", "onedir", "onedir_rc") - - # filter out any bootstrap types and then join - target_salt = ".".join( - [ - item - for item in os.environ["KITCHEN_SUITE"].split("-") - if item not in bootstrap_types - ] - ) - # target_salt = os.environ["KITCHEN_SUITE"].split("-", 1)[-1].replace("-", ".") + target_salt = os.environ.get("SaltVersion", "") + + html_response = requests.get(API_URL) + content = json.loads(html_response.text) + folders = content["children"] + versions = {} + for folder in folders: + if folder["folder"]: + version = folder["uri"].strip("/") + versions[version] = version + # We're trying to get the latest major version and latest overall + maj_version = version.split(".")[0] + versions[maj_version] = version + versions["latest"] = version if target_salt.startswith("v"): target_salt = target_salt[1:] + if target_salt not in versions: + pytest.skip(f"Invalid testing version: {target_salt}") if target_salt in ("default", "latest", "master", "nightly"): pytest.skip("Don't have a specific salt version to test against") - return target_salt + return versions[target_salt] diff --git a/tests/integration/__init__.py b/tests/integration/__init__.py deleted file mode 100644 index 40a96afc6..000000000 --- a/tests/integration/__init__.py +++ /dev/null @@ -1 +0,0 @@ -# -*- coding: utf-8 -*- diff --git a/tests/integration/test_installation.py b/tests/integration/test_installation.py index 9ee18d49c..f8427b675 100644 --- a/tests/integration/test_installation.py +++ b/tests/integration/test_installation.py @@ -1,31 +1,52 @@ +import json import logging import os -from contextlib import nullcontext +import platform +import subprocess + +import pytest log = logging.getLogger(__name__) -def selected_context_manager(host): - if "windows" in os.environ.get("KITCHEN_INSTANCE"): - return nullcontext() - return host.sudo() +@pytest.fixture +def path(): + if platform.system() == "Windows": + salt_path = "C:\\Program Files\\Salt Project\\Salt" + if salt_path not in os.environ["path"]: + os.environ["path"] = f'{os.environ["path"]};{salt_path}' + yield os.environ["path"] + + +def run_salt_call(cmd): + """ + Runs salt call command and returns a dictionary + Accepts cmd as a list + """ + cmd.append("--out=json") + result = subprocess.run(cmd, capture_output=True, text=True) + json_data = json.loads(result.stdout) + return json_data["local"] -def test_ping(host): - with selected_context_manager(host): - assert host.salt("test.ping", "--timeout=120") +def test_ping(path): + cmd = ["salt-call", "--local", "test.ping"] + result = run_salt_call(cmd) + assert result == True -def test_target_python_version(host, target_python_version): - with selected_context_manager(host): - ret = host.salt("grains.item", "pythonversion", "--timeout=120") - assert ret["pythonversion"][0] == target_python_version +def test_target_python_version(path, target_python_version): + cmd = ["salt-call", "--local", "grains.item", "pythonversion", "--timeout=120"] + result = run_salt_call(cmd) + # Returns: {'pythonversion': [3, 10, 11, 'final', 0]} + py_maj_ver = result["pythonversion"][0] + assert py_maj_ver == target_python_version -def test_target_salt_version(host, target_salt_version): - with selected_context_manager(host): - ret = host.salt("grains.item", "saltversion", "--timeout=120") - if target_salt_version.endswith(".0") or target_salt_version.endswith(".x"): - assert ret["saltversion"] == ".".join(target_salt_version.split(".")[:-1]) - else: - assert ret["saltversion"].startswith(target_salt_version) +def test_target_salt_version(path, target_salt_version): + if not target_salt_version: + pytest.skip(f"No target version specified") + cmd = ["salt-call", "--local", "grains.item", "saltversion", "--timeout=120"] + result = run_salt_call(cmd) + # Returns: {'saltversion': '3006.9+217.g53cfa53040'} + assert result["saltversion"] == target_salt_version \ No newline at end of file diff --git a/tests/requirements.txt b/tests/requirements.txt index 21d133da8..547de5c5b 100644 --- a/tests/requirements.txt +++ b/tests/requirements.txt @@ -1,5 +1,2 @@ -pytest-testinfra -paramiko -requests-ntlm==1.1.0; sys.platform == 'win32' -pywinrm; sys.platform == 'win32' -six>=1.10.0 +pytest +requests