triton-install/manage-server/install.sh

#!/usr/bin/env bash
# install.sh — Triton Manage Server installer.
#
# Idempotent. Generates secrets on first run, reuses .env afterwards.
# Container-based via Podman or Docker (auto-detected).
#
# Usage:
#   sudo bash install.sh
#
# Flags (all optional):
#   --gateway-hostname HOST         Agent mTLS hostname (defaults to current FQDN).
#   --manage-host-ip IP             Host LAN IP — used for "+ This machine".
#   --image TAG                     Pin a specific manage-server image tag.
#   --license-pubkey HEX            Hex-encoded Ed25519 public key from the licence server.
#                                   Required when not baked into the image at build time.
#   --no-tls                        Skip the TLS-required sanity check (dev).
#   --version                       Print script version and exit.
SCRIPT_VERSION="2026-05-22.1"
set -euo pipefail

SCRIPT_DIR="$(cd -- "$(dirname -- "${BASH_SOURCE[0]}")" &>/dev/null && pwd)"
cd "$SCRIPT_DIR"

info() { printf '[manage-server] %s\n' "$*"; }
die()  { printf '[manage-server] error: %s\n' "$*" >&2; exit 1; }

info "install.sh version $SCRIPT_VERSION"

# ── arg parsing ──────────────────────────────────────────────────────────
GATEWAY_HOST=""
HOST_IP=""
IMAGE=""
LICENSE_PUBKEY=""
NO_TLS=0
while [[ $# -gt 0 ]]; do
    case "$1" in
        --gateway-hostname) GATEWAY_HOST="$2";    shift 2 ;;
        --manage-host-ip)   HOST_IP="$2";         shift 2 ;;
        --image)            IMAGE="$2";           shift 2 ;;
        --license-pubkey)   LICENSE_PUBKEY="$2";  shift 2 ;;
        --no-tls)           NO_TLS=1;             shift ;;
        --version) echo "install.sh version $SCRIPT_VERSION"; exit 0 ;;
        -h|--help) grep '^#' "$0" | sed 's/^# //;s/^#//'; exit 0 ;;
        *) die "unknown flag: $1 (try --help)" ;;
    esac
done

[[ $EUID -eq 0 ]] || die "must run as root"

# ── machine-id ───────────────────────────────────────────────────────────
# /etc/machine-id is used for offline licence host binding.
# Ensure it exists; generate one if this is a fresh host.
MACHINE_ID_HASH=""
if [[ "$(uname -s)" == "Linux" ]]; then
    if [[ ! -s /etc/machine-id ]]; then
        info "generating /etc/machine-id..."
        if command -v systemd-machine-id-setup >/dev/null 2>&1; then
            systemd-machine-id-setup
        else
            printf '%032x\n' "$(od -An -N16 -tx1 /dev/urandom | tr -d ' \n')" 2>/dev/null \
                || head -c 16 /dev/urandom | od -An -tx1 | tr -d ' \n' | cut -c1-32 > /etc/machine-id
            chmod 444 /etc/machine-id
        fi
        info "/etc/machine-id created"
    fi
    if command -v python3 >/dev/null 2>&1; then
        MACHINE_ID_HASH=$(python3 -c "
import hashlib, sys
try:
    data = open('/etc/machine-id').read().strip()
    print(hashlib.sha3_256(data.encode()).hexdigest())
except Exception as e:
    sys.exit(0)
" 2>/dev/null || true)
    fi
fi

# ── runtime detection ────────────────────────────────────────────────────
if command -v podman-compose >/dev/null 2>&1; then
    COMPOSE=(podman-compose)
    RUNTIME=podman
elif podman compose version >/dev/null 2>&1; then
    COMPOSE=(podman compose)
    RUNTIME=podman
elif docker compose version >/dev/null 2>&1; then
    COMPOSE=(docker compose)
    RUNTIME=docker
else
    die "no compose runtime found. Install podman-compose or docker compose."
fi
info "using runtime: $RUNTIME"

# ── .env bootstrap ───────────────────────────────────────────────────────
ENV_FILE="$SCRIPT_DIR/.env"
if [[ ! -f "$ENV_FILE" ]]; then
    info "writing .env from env.template"
    cp env.template "$ENV_FILE"
    chmod 600 "$ENV_FILE"

    PG_PASS=$(openssl rand -hex 24)
    JWT_KEY=$(openssl rand -hex 32)
    WORKER_KEY=$(openssl rand -hex 16)
    VAULT_KEY=$(openssl rand -hex 32)

    sed -i \
        -e "s|^POSTGRES_PASSWORD=.*|POSTGRES_PASSWORD=$PG_PASS|" \
        -e "s|^TRITON_MANAGE_JWT_SIGNING_KEY=.*|TRITON_MANAGE_JWT_SIGNING_KEY=$JWT_KEY|" \
        -e "s|^TRITON_MANAGE_WORKER_KEY=.*|TRITON_MANAGE_WORKER_KEY=$WORKER_KEY|" \
        -e "s|^TRITON_VAULT_KEY=.*|TRITON_VAULT_KEY=$VAULT_KEY|" \
        "$ENV_FILE"
    info "vault key generated (PostgreSQL AES-256-GCM)"

    [[ -n "$GATEWAY_HOST"   ]] && sed -i "s|^TRITON_MANAGE_GATEWAY_HOSTNAME=.*|TRITON_MANAGE_GATEWAY_HOSTNAME=$GATEWAY_HOST|"             "$ENV_FILE"
    [[ -n "$HOST_IP"        ]] && sed -i "s|^TRITON_MANAGE_HOST_IP=.*|TRITON_MANAGE_HOST_IP=$HOST_IP|"                                   "$ENV_FILE"
    [[ -n "$IMAGE"          ]] && sed -i "s|^TRITON_MANAGE_IMAGE=.*|TRITON_MANAGE_IMAGE=$IMAGE|"                                         "$ENV_FILE"
    [[ -n "$LICENSE_PUBKEY" ]] && sed -i "s|^TRITON_MANAGE_LICENSE_SERVER_PUBKEY=.*|TRITON_MANAGE_LICENSE_SERVER_PUBKEY=$LICENSE_PUBKEY|" "$ENV_FILE"

    info ".env created at $ENV_FILE"
    info "  back this up — it contains the JWT signing key, worker key, and vault key"
else
    info "reusing existing .env at $ENV_FILE"
fi

# ── pull ─────────────────────────────────────────────────────────────────
info "pulling latest image from registry..."
"${COMPOSE[@]}" --env-file "$ENV_FILE" pull manage-server

# ── start ────────────────────────────────────────────────────────────────
info "starting containers..."
"${COMPOSE[@]}" --env-file "$ENV_FILE" up -d --force-recreate

# ── wait for health ──────────────────────────────────────────────────────
HOST_PORT=$(grep -E '^TRITON_MANAGE_HOST_PORT=' "$ENV_FILE" | cut -d= -f2)
HOST_PORT=${HOST_PORT:-8082}

info "waiting for manage server to become healthy on :${HOST_PORT}..."
for i in $(seq 1 30); do
    CODE=$(curl -s -o /dev/null -w "%{http_code}" "http://localhost:${HOST_PORT}/" || echo "000")
    # 302 (redirect to setup or login) means the server is up.
    if [[ "$CODE" == "302" || "$CODE" == "200" ]]; then
        info "manage server is up"
        break
    fi
    sleep 2
done

info ""
info "Installation complete. Next steps:"
info "  1. Open http://localhost:${HOST_PORT} (or your public URL)"
info "  2. Complete the setup wizard:"
info "       - Set your manage server name"
info "       - Enter your Triton licence server URL and licence ID"
info "       - Or upload an air-gap licence file"
info "  3. Configure TLS via reverse proxy (see docs)"
info ""
if [[ -n "$MACHINE_ID_HASH" ]]; then
    info "Machine ID (for offline / air-gap licence binding):"
    info "  Raw:  $(cat /etc/machine-id 2>/dev/null | tr -d '[:space:]')"
    info "  Hash: $MACHINE_ID_HASH"
    info "  Share the Hash with your licence vendor to bind the licence to this host."
    info ""
fi
feat: initial installer scripts for manage server and license server 2026-05-17 08:57:58 +02:00			`#!/usr/bin/env bash`
			`# install.sh — Triton Manage Server installer.`
			`#`
			`# Idempotent. Generates secrets on first run, reuses .env afterwards.`
			`# Container-based via Podman or Docker (auto-detected).`
			`#`
			`# Usage:`
chore: sync installers from triton v1.0.0-rc.3 2026-05-21 07:23:44 +00:00			`# sudo bash install.sh`
feat: initial installer scripts for manage server and license server 2026-05-17 08:57:58 +02:00			`#`
chore: sync installers from triton v1.0.0-rc.1 2026-05-20 15:01:09 +00:00			`# Flags (all optional):`
feat: initial installer scripts for manage server and license server 2026-05-17 08:57:58 +02:00			`# --gateway-hostname HOST Agent mTLS hostname (defaults to current FQDN).`
			`# --manage-host-ip IP Host LAN IP — used for "+ This machine".`
chore: sync installers from triton v1.0.0-rc.2 2026-05-17 08:33:44 +00:00			`# --image TAG Pin a specific manage-server image tag.`
chore: sync installers from triton main (2026-05-21) - fix: image name triton-manage-server → triton-manageserver (matches CI) - feat: --license-pubkey flag on install.sh - fix: uninstall/upgrade use detected runtime (podman/docker) not hardcoded - fix: upgrade pg_dump reads POSTGRES_USER/DB from .env - feat: force pull image from registry on install and upgrade - feat: SCRIPT_VERSION printed as first line on every run - fix: --yes flag on uninstall --purge-data for non-interactive (curl\|bash) use Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com> 2026-05-21 23:02:13 +08:00			`# --license-pubkey HEX Hex-encoded Ed25519 public key from the licence server.`
			`# Required when not baked into the image at build time.`
feat: initial installer scripts for manage server and license server 2026-05-17 08:57:58 +02:00			`# --no-tls Skip the TLS-required sanity check (dev).`
chore: sync installers from triton main (2026-05-21) - fix: image name triton-manage-server → triton-manageserver (matches CI) - feat: --license-pubkey flag on install.sh - fix: uninstall/upgrade use detected runtime (podman/docker) not hardcoded - fix: upgrade pg_dump reads POSTGRES_USER/DB from .env - feat: force pull image from registry on install and upgrade - feat: SCRIPT_VERSION printed as first line on every run - fix: --yes flag on uninstall --purge-data for non-interactive (curl\|bash) use Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com> 2026-05-21 23:02:13 +08:00			`# --version Print script version and exit.`
feat(install): check/generate machine-id and display binding hash On Linux, ensure /etc/machine-id exists (generate via systemd-machine-id-setup or urandom fallback if missing). Compute SHA-3-256 and print both raw ID and hash at install completion so operators can share it with the licence vendor for offline/air-gap host binding. Also mount /etc/machine-id:/etc/machine-id:ro in compose.yaml. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com> 2026-05-22 21:19:08 +08:00			`SCRIPT_VERSION="2026-05-22.1"`
feat: initial installer scripts for manage server and license server 2026-05-17 08:57:58 +02:00			`set -euo pipefail`

chore: sync installers from triton v1.0.0-rc.1 2026-05-20 15:01:09 +00:00			`SCRIPT_DIR="$(cd -- "$(dirname -- "${BASH_SOURCE[0]}")" &>/dev/null && pwd)"`
feat: initial installer scripts for manage server and license server 2026-05-17 08:57:58 +02:00			`cd "$SCRIPT_DIR"`

			`info() { printf '[manage-server] %s\n' "$*"; }`
			`die() { printf '[manage-server] error: %s\n' "$*" >&2; exit 1; }`

chore: sync installers from triton main (2026-05-21) - fix: image name triton-manage-server → triton-manageserver (matches CI) - feat: --license-pubkey flag on install.sh - fix: uninstall/upgrade use detected runtime (podman/docker) not hardcoded - fix: upgrade pg_dump reads POSTGRES_USER/DB from .env - feat: force pull image from registry on install and upgrade - feat: SCRIPT_VERSION printed as first line on every run - fix: --yes flag on uninstall --purge-data for non-interactive (curl\|bash) use Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com> 2026-05-21 23:02:13 +08:00			`info "install.sh version $SCRIPT_VERSION"`

feat: initial installer scripts for manage server and license server 2026-05-17 08:57:58 +02:00			`# ── arg parsing ──────────────────────────────────────────────────────────`
			`GATEWAY_HOST=""`
			`HOST_IP=""`
			`IMAGE=""`
chore: sync installers from triton main (2026-05-21) - fix: image name triton-manage-server → triton-manageserver (matches CI) - feat: --license-pubkey flag on install.sh - fix: uninstall/upgrade use detected runtime (podman/docker) not hardcoded - fix: upgrade pg_dump reads POSTGRES_USER/DB from .env - feat: force pull image from registry on install and upgrade - feat: SCRIPT_VERSION printed as first line on every run - fix: --yes flag on uninstall --purge-data for non-interactive (curl\|bash) use Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com> 2026-05-21 23:02:13 +08:00			`LICENSE_PUBKEY=""`
feat: initial installer scripts for manage server and license server 2026-05-17 08:57:58 +02:00			`NO_TLS=0`
			`while [[ $# -gt 0 ]]; do`
			`case "$1" in`
chore: sync installers from triton main (2026-05-21) - fix: image name triton-manage-server → triton-manageserver (matches CI) - feat: --license-pubkey flag on install.sh - fix: uninstall/upgrade use detected runtime (podman/docker) not hardcoded - fix: upgrade pg_dump reads POSTGRES_USER/DB from .env - feat: force pull image from registry on install and upgrade - feat: SCRIPT_VERSION printed as first line on every run - fix: --yes flag on uninstall --purge-data for non-interactive (curl\|bash) use Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com> 2026-05-21 23:02:13 +08:00			`--gateway-hostname) GATEWAY_HOST="$2"; shift 2 ;;`
			`--manage-host-ip) HOST_IP="$2"; shift 2 ;;`
			`--image) IMAGE="$2"; shift 2 ;;`
			`--license-pubkey) LICENSE_PUBKEY="$2"; shift 2 ;;`
			`--no-tls) NO_TLS=1; shift ;;`
			`--version) echo "install.sh version $SCRIPT_VERSION"; exit 0 ;;`
feat: initial installer scripts for manage server and license server 2026-05-17 08:57:58 +02:00			`-h\|--help) grep '^#' "$0" \| sed 's/^# //;s/^#//'; exit 0 ;;`
			`*) die "unknown flag: $1 (try --help)" ;;`
			`esac`
			`done`

chore: sync installers from triton v1.0.0-rc.3 2026-05-21 07:23:44 +00:00			`[[ $EUID -eq 0 ]] \|\| die "must run as root"`
feat(install): detect and display host architecture (amd64/arm64) Uses uname -m to detect x86_64/aarch64 and maps to the OCI arch name. Printed at startup so users can confirm the correct image variant will be pulled. Fails early on unsupported architectures. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com> 2026-05-21 14:59:32 +08:00
feat(install): check/generate machine-id and display binding hash On Linux, ensure /etc/machine-id exists (generate via systemd-machine-id-setup or urandom fallback if missing). Compute SHA-3-256 and print both raw ID and hash at install completion so operators can share it with the licence vendor for offline/air-gap host binding. Also mount /etc/machine-id:/etc/machine-id:ro in compose.yaml. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com> 2026-05-22 21:19:08 +08:00			`# ── machine-id ───────────────────────────────────────────────────────────`
			`# /etc/machine-id is used for offline licence host binding.`
			`# Ensure it exists; generate one if this is a fresh host.`
			`MACHINE_ID_HASH=""`
			`if [[ "$(uname -s)" == "Linux" ]]; then`
			`if [[ ! -s /etc/machine-id ]]; then`
			`info "generating /etc/machine-id..."`
			`if command -v systemd-machine-id-setup >/dev/null 2>&1; then`
			`systemd-machine-id-setup`
			`else`
			`printf '%032x\n' "$(od -An -N16 -tx1 /dev/urandom \| tr -d ' \n')" 2>/dev/null \`
			`\|\| head -c 16 /dev/urandom \| od -An -tx1 \| tr -d ' \n' \| cut -c1-32 > /etc/machine-id`
			`chmod 444 /etc/machine-id`
			`fi`
			`info "/etc/machine-id created"`
			`fi`
			`if command -v python3 >/dev/null 2>&1; then`
			`MACHINE_ID_HASH=$(python3 -c "`
			`import hashlib, sys`
			`try:`
			`data = open('/etc/machine-id').read().strip()`
			`print(hashlib.sha3_256(data.encode()).hexdigest())`
			`except Exception as e:`
			`sys.exit(0)`
			`" 2>/dev/null \|\| true)`
			`fi`
			`fi`

feat: initial installer scripts for manage server and license server 2026-05-17 08:57:58 +02:00			`# ── runtime detection ────────────────────────────────────────────────────`
			`if command -v podman-compose >/dev/null 2>&1; then`
			`COMPOSE=(podman-compose)`
			`RUNTIME=podman`
			`elif podman compose version >/dev/null 2>&1; then`
			`COMPOSE=(podman compose)`
			`RUNTIME=podman`
			`elif docker compose version >/dev/null 2>&1; then`
			`COMPOSE=(docker compose)`
			`RUNTIME=docker`
			`else`
chore: sync installers from triton v1.0.0-rc.3 2026-05-21 07:23:44 +00:00			`die "no compose runtime found. Install podman-compose or docker compose."`
feat: initial installer scripts for manage server and license server 2026-05-17 08:57:58 +02:00			`fi`
			`info "using runtime: $RUNTIME"`

			`# ── .env bootstrap ───────────────────────────────────────────────────────`
			`ENV_FILE="$SCRIPT_DIR/.env"`
			`if [[ ! -f "$ENV_FILE" ]]; then`
			`info "writing .env from env.template"`
			`cp env.template "$ENV_FILE"`
			`chmod 600 "$ENV_FILE"`

			`PG_PASS=$(openssl rand -hex 24)`
			`JWT_KEY=$(openssl rand -hex 32)`
			`WORKER_KEY=$(openssl rand -hex 16)`
			`VAULT_KEY=$(openssl rand -hex 32)`

chore: sync installers from triton v1.0.0-rc.3 2026-05-21 07:23:44 +00:00			`sed -i \`
feat: initial installer scripts for manage server and license server 2026-05-17 08:57:58 +02:00			`-e "s\|^POSTGRES_PASSWORD=.*\|POSTGRES_PASSWORD=$PG_PASS\|" \`
			`-e "s\|^TRITON_MANAGE_JWT_SIGNING_KEY=.*\|TRITON_MANAGE_JWT_SIGNING_KEY=$JWT_KEY\|" \`
			`-e "s\|^TRITON_MANAGE_WORKER_KEY=.*\|TRITON_MANAGE_WORKER_KEY=$WORKER_KEY\|" \`
			`-e "s\|^TRITON_VAULT_KEY=.*\|TRITON_VAULT_KEY=$VAULT_KEY\|" \`
			`"$ENV_FILE"`
chore: sync installers from triton v1.0.0-rc.1 2026-05-20 15:01:09 +00:00			`info "vault key generated (PostgreSQL AES-256-GCM)"`
feat(install): license bundle approach — --license-file replaces pubkey fetch Remove auto-fetching pubkey from license server. Instead the vendor ships a bundle (license.lic + pubkey) and the installer reads both files from the same directory. Works for both online and air-gapped deployments. --license-server-url is now optional (heartbeats only, not required to start). Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com> 2026-05-19 23:29:19 +08:00
chore: sync installers from triton main (2026-05-21) - fix: image name triton-manage-server → triton-manageserver (matches CI) - feat: --license-pubkey flag on install.sh - fix: uninstall/upgrade use detected runtime (podman/docker) not hardcoded - fix: upgrade pg_dump reads POSTGRES_USER/DB from .env - feat: force pull image from registry on install and upgrade - feat: SCRIPT_VERSION printed as first line on every run - fix: --yes flag on uninstall --purge-data for non-interactive (curl\|bash) use Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com> 2026-05-21 23:02:13 +08:00			`[[ -n "$GATEWAY_HOST" ]] && sed -i "s\|^TRITON_MANAGE_GATEWAY_HOSTNAME=.*\|TRITON_MANAGE_GATEWAY_HOSTNAME=$GATEWAY_HOST\|" "$ENV_FILE"`
			`[[ -n "$HOST_IP" ]] && sed -i "s\|^TRITON_MANAGE_HOST_IP=.*\|TRITON_MANAGE_HOST_IP=$HOST_IP\|" "$ENV_FILE"`
			`[[ -n "$IMAGE" ]] && sed -i "s\|^TRITON_MANAGE_IMAGE=.*\|TRITON_MANAGE_IMAGE=$IMAGE\|" "$ENV_FILE"`
			`[[ -n "$LICENSE_PUBKEY" ]] && sed -i "s\|^TRITON_MANAGE_LICENSE_SERVER_PUBKEY=.*\|TRITON_MANAGE_LICENSE_SERVER_PUBKEY=$LICENSE_PUBKEY\|" "$ENV_FILE"`
feat: initial installer scripts for manage server and license server 2026-05-17 08:57:58 +02:00
			`info ".env created at $ENV_FILE"`
chore: sync installers from triton v1.0.0-rc.2 2026-05-17 08:33:44 +00:00			`info " back this up — it contains the JWT signing key, worker key, and vault key"`
feat: initial installer scripts for manage server and license server 2026-05-17 08:57:58 +02:00			`else`
			`info "reusing existing .env at $ENV_FILE"`
			`fi`

chore: sync installers from triton main (2026-05-21) - fix: image name triton-manage-server → triton-manageserver (matches CI) - feat: --license-pubkey flag on install.sh - fix: uninstall/upgrade use detected runtime (podman/docker) not hardcoded - fix: upgrade pg_dump reads POSTGRES_USER/DB from .env - feat: force pull image from registry on install and upgrade - feat: SCRIPT_VERSION printed as first line on every run - fix: --yes flag on uninstall --purge-data for non-interactive (curl\|bash) use Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com> 2026-05-21 23:02:13 +08:00			`# ── pull ─────────────────────────────────────────────────────────────────`
			`info "pulling latest image from registry..."`
			`"${COMPOSE[@]}" --env-file "$ENV_FILE" pull manage-server`

feat: initial installer scripts for manage server and license server 2026-05-17 08:57:58 +02:00			`# ── start ────────────────────────────────────────────────────────────────`
			`info "starting containers..."`
chore: sync installers from triton main (2026-05-21) - fix: image name triton-manage-server → triton-manageserver (matches CI) - feat: --license-pubkey flag on install.sh - fix: uninstall/upgrade use detected runtime (podman/docker) not hardcoded - fix: upgrade pg_dump reads POSTGRES_USER/DB from .env - feat: force pull image from registry on install and upgrade - feat: SCRIPT_VERSION printed as first line on every run - fix: --yes flag on uninstall --purge-data for non-interactive (curl\|bash) use Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com> 2026-05-21 23:02:13 +08:00			`"${COMPOSE[@]}" --env-file "$ENV_FILE" up -d --force-recreate`
feat: initial installer scripts for manage server and license server 2026-05-17 08:57:58 +02:00
			`# ── wait for health ──────────────────────────────────────────────────────`
			`HOST_PORT=$(grep -E '^TRITON_MANAGE_HOST_PORT=' "$ENV_FILE" \| cut -d= -f2)`
			`HOST_PORT=${HOST_PORT:-8082}`

			`info "waiting for manage server to become healthy on :${HOST_PORT}..."`
			`for i in $(seq 1 30); do`
			`CODE=$(curl -s -o /dev/null -w "%{http_code}" "http://localhost:${HOST_PORT}/" \|\| echo "000")`
chore: sync installers from triton v1.0.0-rc.1 2026-05-20 15:01:09 +00:00			`# 302 (redirect to setup or login) means the server is up.`
feat: initial installer scripts for manage server and license server 2026-05-17 08:57:58 +02:00			`if [[ "$CODE" == "302" \|\| "$CODE" == "200" ]]; then`
chore: sync installers from triton v1.0.0-rc.2 2026-05-17 08:33:44 +00:00			`info "manage server is up"`
feat: initial installer scripts for manage server and license server 2026-05-17 08:57:58 +02:00			`break`
			`fi`
			`sleep 2`
			`done`

			`info ""`
chore: sync installers from triton v1.0.0-rc.2 2026-05-17 08:33:44 +00:00			`info "Installation complete. Next steps:"`
feat: initial installer scripts for manage server and license server 2026-05-17 08:57:58 +02:00			`info " 1. Open http://localhost:${HOST_PORT} (or your public URL)"`
chore: sync installers from triton v1.0.0-rc.1 2026-05-20 15:01:09 +00:00			`info " 2. Complete the setup wizard:"`
			`info " - Set your manage server name"`
			`info " - Enter your Triton licence server URL and licence ID"`
			`info " - Or upload an air-gap licence file"`
chore: sync installers from triton v1.0.0-rc.2 2026-05-17 08:33:44 +00:00			`info " 3. Configure TLS via reverse proxy (see docs)"`
feat: initial installer scripts for manage server and license server 2026-05-17 08:57:58 +02:00			`info ""`
feat(install): check/generate machine-id and display binding hash On Linux, ensure /etc/machine-id exists (generate via systemd-machine-id-setup or urandom fallback if missing). Compute SHA-3-256 and print both raw ID and hash at install completion so operators can share it with the licence vendor for offline/air-gap host binding. Also mount /etc/machine-id:/etc/machine-id:ro in compose.yaml. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com> 2026-05-22 21:19:08 +08:00			`if [[ -n "$MACHINE_ID_HASH" ]]; then`
			`info "Machine ID (for offline / air-gap licence binding):"`
			`info " Raw: $(cat /etc/machine-id 2>/dev/null \| tr -d '[:space:]')"`
			`info " Hash: $MACHINE_ID_HASH"`
			`info " Share the Hash with your licence vendor to bind the licence to this host."`
			`info ""`
			`fi`