#!/bin/bash set -e SALT_VERSION='3006.4' CYAN='\033[1;36m' RED='\033[0;31m' NC='\033[0m' if [ $UID -ne 0 ]; then echo -e "${RED}This script must run as root.${NC}" exit 1 fi if [ -f /etc/debian_version ]; then PKG_CHECK='dpkg -l' PKG_INSTALL='apt-get -y install' elif [ -f /etc/redhat-release ]; then PKG_CHECK='rpm -q' PKG_INSTALL='yum -y install' else echo -e "${RED}Unrecognized OS${NC}" exit 1 fi TO_INSTALL="" for PKG in jq curl python3-distro; do if ! $PKG_CHECK $PKG &>/dev/null; then TO_INSTALL="$TO_INSTALL $PKG" fi done if [ -n "$TO_INSTALL" ]; then echo -e "${CYAN}Installing ${TO_INSTALL}${NC}" $PKG_INSTALL $TO_INSTALL fi DISTRO="$(python3 -m distro --json | jq -r .id)" CODENAME="$(python3 -m distro --json | jq -r .codename)" OS_VERSION="$(python3 -m distro --json | jq -r .version)" PUBLIC_IPV4="$(curl -s -4 ifconfig.me)" echo -e -n "${CYAN}Ensure $PUBLIC_IPV4 is whitelisted on the salt master, then press enter${NC}" read if ! [ -e /usr/bin/salt-call ]; then if [[ "$DISTRO" == "fedora" ]]; then echo -e "${CYAN}Fedora detected - installing Python3.10 if not present, then using a venv${NC}" if ! which python3.10 &>/dev/null; then wget -O /usr/local/bin/python3.10 https://github.com/niess/python-appimage/releases/download/python3.10/python3.10.13-cp310-cp310-manylinux_2_28_x86_64.AppImage chmod +x /usr/local/bin/python3.10 fi [ -e /opt/saltstack/salt ] || /usr/local/bin/python3.10 -m venv /opt/saltstack/salt /opt/saltstack/salt/bin/pip3 freeze | grep -q ^salt== || /opt/saltstack/salt/bin/pip3 install "salt==$SALT_VERSION" ln -sfT /opt/saltstack/salt/bin/salt-call /usr/bin/salt-call elif [[ "$(uname -m)" =~ arm* ]]; then echo -e "${CYAN}Arm CPU detected. Using venv install method${NC}" [ -e /opt/saltstack/salt ] || python3 -m venv /opt/saltstack/salt /opt/saltstack/salt/bin/pip3 freeze | grep -q ^salt== || /opt/saltstack/salt/bin/pip3 install "salt==$SALT_VERSION" ln -sfT /opt/saltstack/salt/bin/salt-call /usr/bin/salt-call elif [[ "$DISTRO" == "centos" ]]; then rpm --import https://repo.saltproject.io/salt/py3/redhat/$OS_VERSION/x86_64/SALT-PROJECT-GPG-PUBKEY-2023.pub [ -f /etc/yum.repos.d/salt.repo ] || curl -fsSL -o /etc/yum.repos.d/salt.repo https://repo.saltproject.io/salt/py3/redhat/$OS_VERSION/x86_64/minor/$SALT_VERSION.repo yum clean all yum install -y salt-minion elif [[ "$DISTRO" == "ubuntu" ]]; then mkdir -p /etc/apt/keyrings KEYPATH=/etc/apt/keyrings/salt-archive-keyring-2023.gpg curl -fsSL -o $KEYPATH https://repo.saltproject.io/salt/py3/ubuntu/$OS_VERSION/amd64/SALT-PROJECT-GPG-PUBKEY-2023.gpg [ -f /etc/apt/sources.list.d/salt.list ] || echo "deb [signed-by=$KEYPATH arch=amd64] https://repo.saltproject.io/salt/py3/ubuntu/$OS_VERSION/amd64/minor/$SALT_VERSION $CODENAME main" > /etc/apt/sources.list.d/salt.list apt-get update apt-get -y install salt-minion elif [[ "$DISTRO" == "debian" ]]; then if [ $OS_VERSION -gt 11 ]; then OS_VERSION=11 CODENAME=bullseye fi mkdir -p /etc/apt/keyrings KEYPATH=/etc/apt/keyrings/salt-archive-keyring-2023.gpg [ -f $KEYPATH ] || curl -fsSL -o $KEYPATH https://repo.saltproject.io/salt/py3/debian/$OS_VERSION/amd64/SALT-PROJECT-GPG-PUBKEY-2023.gpg [ -f /etc/apt/sources.list.d/salt.list ] || echo "deb [signed-by=$KEYPATH arch=amd64] https://repo.saltproject.io/salt/py3/debian/$OS_VERSION/amd64/minor/$SALT_VERSION $CODENAME main" > /etc/apt/sources.list.d/salt.list apt-get update apt-get -y install salt-minion else echo -e "${RED}Unrecognized OS${NC}" exit 1 fi fi APPLY='salt-call state.apply --master=kpi.keiran.us salt' echo -e "${CYAN}Setup will now run:${NC}" echo -e "$APPLY" echo -e "${CYAN}The first run should send a key request to the master, then fail because it's not signed yet${NC}" echo "Running..." $APPLY || true echo -e -n "${CYAN}Press enter once the salt-master has signed this key to re-run the command, (or ctrl+c and you can manually run it later)${NC}" read $APPLY