config-mgmt/salt-states
0
0
Fork 0
Code Releases Activity
Files
b36d658ba1da7c1c7fa9497cc5f7a35e4bdc0308
salt-states/setup.sh
Keiran Snowden b36d658ba1 fix missing "then"
2025-12-28 20:03:18 -05:00

111 lines
4.2 KiB
Bash
Executable File
Raw Blame History

#!/bin/bash
set -e
SALT_VERSION='3007.1'
CYAN='\033[1;36m'
RED='\033[0;31m'
NC='\033[0m'
if [ $UID -ne 0 ]; then
echo -e "${RED}This script must run as root.${NC}"
exit 1
fi
if [ -f /etc/debian_version ]; then
PKG_CHECK='dpkg -l'
PKG_INSTALL='apt-get -y install'
elif [ -f /etc/redhat-release ]; then
PKG_CHECK='rpm -q'
PKG_INSTALL='yum -y install'
else
echo -e "${RED}Unrecognized OS${NC}"
exit 1
fi
TO_INSTALL=""
for PKG in jq curl python3-distro; do
if ! $PKG_CHECK $PKG &>/dev/null; then
TO_INSTALL="$TO_INSTALL $PKG"
fi
done
if [ -n "$TO_INSTALL" ]; then
echo -e "${CYAN}Installing ${TO_INSTALL}${NC}"
$PKG_INSTALL $TO_INSTALL
fi
DISTRO="$(python3 -m distro --json | jq -r .id)"
CODENAME="$(python3 -m distro --json | jq -r .codename)"
OS_VERSION="$(python3 -m distro --json | jq -r .version)"
PUBLIC_IPV4="$(curl -s -4 ifconfig.me)"
echo -e -n "${CYAN}Ensure $PUBLIC_IPV4 is whitelisted on the salt master, then press enter${NC}"
read
if ! [ -e /usr/bin/salt-call ]; then
if [[ "$DISTRO" == "fedora" ]]; then
mkdir -p /etc/salt/pki/minion
echo -e "${CYAN}Fedora detected - installing Python3.10 if not present, then using a venv${NC}"
if ! which python3.10 &>/dev/null; then
wget -O /usr/local/bin/python3.10 https://github.com/niess/python-appimage/releases/download/python3.10/python3.10.13-cp310-cp310-manylinux_2_28_x86_64.AppImage
chmod +x /usr/local/bin/python3.10
fi
[ -e /opt/saltstack/salt ] ||
/usr/local/bin/python3.10 -m venv /opt/saltstack/salt
/opt/saltstack/salt/bin/pip3 freeze | grep -q ^salt== ||
/opt/saltstack/salt/bin/pip3 install "salt==$SALT_VERSION"
ln -sfT /opt/saltstack/salt/bin/salt-call /usr/bin/salt-call
elif [[ "$(uname -m)" =~ arm* ]]; then
echo -e "${CYAN}Arm CPU detected. Using venv install method${NC}"
[ -e /opt/saltstack/salt ] ||
python3 -m venv /opt/saltstack/salt
/opt/saltstack/salt/bin/pip3 freeze | grep -q ^salt== ||
/opt/saltstack/salt/bin/pip3 install "salt==$SALT_VERSION"
ln -sfT /opt/saltstack/salt/bin/salt-call /usr/bin/salt-call
elif [[ "$DISTRO" == "centos" ]] || [[ "$DISTRO" == "almalinux" ]]; then
if [[ "$DISTRO" == "almalinux" ]]; then
OS_VERSION="$(python3 -m distro --json | jq -r .version_parts.major)"
fi
rpm --import https://repo.saltproject.io/salt/py3/redhat/$OS_VERSION/x86_64/SALT-PROJECT-GPG-PUBKEY-2023.pub
[ -f /etc/yum.repos.d/salt.repo ] ||
curl -fsSL -o /etc/yum.repos.d/salt.repo https://repo.saltproject.io/salt/py3/redhat/$OS_VERSION/x86_64/minor/$SALT_VERSION.repo
yum clean all
yum install -y salt-minion
elif [[ "$DISTRO" == "ubuntu" ]]; then
mkdir -p /etc/apt/keyrings
KEYPATH=/etc/apt/keyrings/salt-archive-keyring-2023.gpg
curl -fsSL -o $KEYPATH https://repo.saltproject.io/salt/py3/ubuntu/$OS_VERSION/amd64/SALT-PROJECT-GPG-PUBKEY-2023.gpg
[ -f /etc/apt/sources.list.d/salt.list ] ||
echo "deb [signed-by=$KEYPATH arch=amd64] https://repo.saltproject.io/salt/py3/ubuntu/$OS_VERSION/amd64/minor/$SALT_VERSION $CODENAME main" > /etc/apt/sources.list.d/salt.list
apt-get update
apt-get -y install salt-minion
elif [[ "$DISTRO" == "debian" ]]; then
if [ $OS_VERSION -gt 11 ]; then
OS_VERSION=11
CODENAME=bullseye
fi
mkdir -p /etc/apt/keyrings
KEYPATH=/etc/apt/keyrings/salt-archive-keyring-2023.gpg
[ -f $KEYPATH ] ||
curl -fsSL -o $KEYPATH https://repo.saltproject.io/salt/py3/debian/$OS_VERSION/amd64/SALT-PROJECT-GPG-PUBKEY-2023.gpg
[ -f /etc/apt/sources.list.d/salt.list ] ||
echo "deb [signed-by=$KEYPATH arch=amd64] https://repo.saltproject.io/salt/py3/debian/$OS_VERSION/amd64/minor/$SALT_VERSION $CODENAME main" > /etc/apt/sources.list.d/salt.list
apt-get update
apt-get -y install salt-minion
else
echo -e "${RED}Unrecognized OS${NC}"
exit 1
fi
fi
APPLY='salt-call state.apply --master=kpi.keiran.us salt'
echo -e "${CYAN}Setup will now run:${NC}"
echo -e "$APPLY"
echo -e "${CYAN}The first run should send a key request to the master, then fail because it's not signed yet${NC}"
echo "Running..."
$APPLY || true
echo -e -n "${CYAN}Press enter once the salt-master has signed this key to re-run the command, (or ctrl+c and you can manually run it later)${NC}"
read
$APPLY
View Git Blame Copy Permalink