From b2054a6dcafbe54c2ea52d5dc22b232d2b0adb29 Mon Sep 17 00:00:00 2001 From: amir-climy Date: Thu, 21 May 2026 23:02:13 +0800 Subject: [PATCH] chore: sync installers from triton main (2026-05-21) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit - fix: image name triton-manage-server → triton-manageserver (matches CI) - feat: --license-pubkey flag on install.sh - fix: uninstall/upgrade use detected runtime (podman/docker) not hardcoded - fix: upgrade pg_dump reads POSTGRES_USER/DB from .env - feat: force pull image from registry on install and upgrade - feat: SCRIPT_VERSION printed as first line on every run - fix: --yes flag on uninstall --purge-data for non-interactive (curl|bash) use Co-Authored-By: Claude Sonnet 4.6 --- manage-server/env.template | 2 +- manage-server/install.sh | 30 ++++++++++++++++++++++-------- manage-server/uninstall.sh | 29 +++++++++++++++++++++-------- manage-server/upgrade.sh | 22 ++++++++++++++++------ 4 files changed, 60 insertions(+), 23 deletions(-) diff --git a/manage-server/env.template b/manage-server/env.template index f88f8a4..fb35155 100644 --- a/manage-server/env.template +++ b/manage-server/env.template @@ -55,4 +55,4 @@ TLS_CERT_HOST_DIR=/etc/triton/tls TRITON_MANAGE_SESSION_TTL=24h # ─── Image ─────────────────────────────────────────────────────────────── -TRITON_MANAGE_IMAGE=ghcr.io/primatekuntech/triton-manage-server:latest +TRITON_MANAGE_IMAGE=ghcr.io/primatekuntech/triton-manageserver:latest diff --git a/manage-server/install.sh b/manage-server/install.sh index 7f66d9e..075adc0 100755 --- a/manage-server/install.sh +++ b/manage-server/install.sh 
@@ -11,7 +11,11 @@ # --gateway-hostname HOST Agent mTLS hostname (defaults to current FQDN). # --manage-host-ip IP Host LAN IP — used for "+ This machine". # --image TAG Pin a specific manage-server image tag. +# --license-pubkey HEX Hex-encoded Ed25519 public key from the licence server. +# Required when not baked into the image at build time. # --no-tls Skip the TLS-required sanity check (dev). +# --version Print script version and exit. +SCRIPT_VERSION="2026-05-21.4" set -euo pipefail SCRIPT_DIR="$(cd -- "$(dirname -- "${BASH_SOURCE[0]}")" &>/dev/null && pwd)" @@ -20,17 +24,22 @@ cd "$SCRIPT_DIR" info() { printf '[manage-server] %s\n' "$*"; } die() { printf '[manage-server] error: %s\n' "$*" >&2; exit 1; } +info "install.sh version $SCRIPT_VERSION" + # ── arg parsing ────────────────────────────────────────────────────────── GATEWAY_HOST="" HOST_IP="" IMAGE="" +LICENSE_PUBKEY="" NO_TLS=0 while [[ $# -gt 0 ]]; do case "$1" in - --gateway-hostname) GATEWAY_HOST="$2"; shift 2 ;; - --manage-host-ip) HOST_IP="$2"; shift 2 ;; - --image) IMAGE="$2"; shift 2 ;; - --no-tls) NO_TLS=1; shift ;; + --gateway-hostname) GATEWAY_HOST="$2"; shift 2 ;; + --manage-host-ip) HOST_IP="$2"; shift 2 ;; + --image) IMAGE="$2"; shift 2 ;; + --license-pubkey) LICENSE_PUBKEY="$2"; shift 2 ;; + --no-tls) NO_TLS=1; shift ;; + --version) echo "install.sh version $SCRIPT_VERSION"; exit 0 ;; -h|--help) grep '^#' "$0" | sed 's/^# //;s/^#//'; exit 0 ;; *) die "unknown flag: $1 (try --help)" ;; esac 
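Review bot: `--license-pubkey` is stored as given in the argument loop, with no check that it is the hex-encoded Ed25519 key the help text describes. The value is later written into `.env` through a `sed` replacement that uses `|` as its delimiter, so a mistyped or badly pasted value containing `|`, `&` or `\` would corrupt the line or the command. An Ed25519 public key is 32 bytes, so a check after the loop such as `[[ -z "$LICENSE_PUBKEY" || "$LICENSE_PUBKEY" =~ ^[0-9a-fA-F]{64}$ ]] || die "--license-pubkey must be 64 hex characters"` would reject bad input before anything is written. The loop's closing `done` is outside the hunk.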
@@ -73,9 +82,10 @@ if [[ ! -f "$ENV_FILE" ]]; then "$ENV_FILE" info "vault key generated (PostgreSQL AES-256-GCM)" - [[ -n "$GATEWAY_HOST" ]] && sed -i "s|^TRITON_MANAGE_GATEWAY_HOSTNAME=.*|TRITON_MANAGE_GATEWAY_HOSTNAME=$GATEWAY_HOST|" "$ENV_FILE" - [[ -n "$HOST_IP" ]] && sed -i "s|^TRITON_MANAGE_HOST_IP=.*|TRITON_MANAGE_HOST_IP=$HOST_IP|" "$ENV_FILE" - [[ -n "$IMAGE" ]] && sed -i "s|^TRITON_MANAGE_IMAGE=.*|TRITON_MANAGE_IMAGE=$IMAGE|" "$ENV_FILE" + [[ -n "$GATEWAY_HOST" ]] && sed -i "s|^TRITON_MANAGE_GATEWAY_HOSTNAME=.*|TRITON_MANAGE_GATEWAY_HOSTNAME=$GATEWAY_HOST|" "$ENV_FILE" + [[ -n "$HOST_IP" ]] && sed -i "s|^TRITON_MANAGE_HOST_IP=.*|TRITON_MANAGE_HOST_IP=$HOST_IP|" "$ENV_FILE" + [[ -n "$IMAGE" ]] && sed -i "s|^TRITON_MANAGE_IMAGE=.*|TRITON_MANAGE_IMAGE=$IMAGE|" "$ENV_FILE" + [[ -n "$LICENSE_PUBKEY" ]] && sed -i "s|^TRITON_MANAGE_LICENSE_SERVER_PUBKEY=.*|TRITON_MANAGE_LICENSE_SERVER_PUBKEY=$LICENSE_PUBKEY|" "$ENV_FILE" info ".env created at $ENV_FILE" info " back this up — it contains the JWT signing key, worker key, and vault key" @@ -83,9 +93,13 @@ else info "reusing existing .env at $ENV_FILE" fi +# ── pull ───────────────────────────────────────────────────────────────── +info "pulling latest image from registry..." +"${COMPOSE[@]}" --env-file "$ENV_FILE" pull manage-server + # ── start ──────────────────────────────────────────────────────────────── info "starting containers..." -"${COMPOSE[@]}" --env-file "$ENV_FILE" up -d +"${COMPOSE[@]}" --env-file "$ENV_FILE" up -d --force-recreate # ── wait for health ────────────────────────────────────────────────────── HOST_PORT=$(grep -E '^TRITON_MANAGE_HOST_PORT=' "$ENV_FILE" | cut -d= -f2) diff --git a/manage-server/uninstall.sh b/manage-server/uninstall.sh index 52d87af..3334ddf 100755 --- a/manage-server/uninstall.sh +++ b/manage-server/uninstall.sh 
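Review bot: The `--license-pubkey` write sits inside the `if [[ ! -f "$ENV_FILE" ]]` branch, so on a host that already has a `.env` the flag is accepted and then silently ignored. This key is presumably the trust anchor for licence verification, so an operator re-running the installer to set or rotate it would believe the change took effect. The `sed` is also a silent no-op if the template has no `TRITON_MANAGE_LICENSE_SERVER_PUBKEY=` line, and the env.template change in this patch does not show one. I would fail loudly in the reuse branch, e.g. `if [[ -n "$LICENSE_PUBKEY" ]]; then die "--license-pubkey ignored: .env already exists, edit it there"; fi`, or apply the substitution in both branches.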
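Review bot: The new pull step deploys whatever the registry currently serves for the tag in `.env`, and the template default is `:latest`, so two installs from the same script version can end up on different images with nothing recording which one was started. A comment above the pull such as `# NOTE: the tag is mutable; pass --image with a name@sha256:<digest> reference for a reproducible install` would make pinning visible, assuming `--image` accepts a full reference as the `sed` line suggests. Separately, `up -d --force-recreate` names no service here, so a re-run against an existing `.env` presumably recreates the database container too, whereas upgrade.sh restricts it with `--no-deps ... manage-server`.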
@@ -5,8 +5,11 @@ # Pass --purge-data to delete the volumes as well — irreversible. # # Usage: -# sudo bash uninstall.sh # stop + remove containers, keep DB -# sudo bash uninstall.sh --purge-data # also delete DB + binaries volume +# sudo bash uninstall.sh # stop + remove containers, keep DB +# sudo bash uninstall.sh --purge-data # also delete DB + binaries volume (interactive) +# sudo bash uninstall.sh --purge-data --yes # non-interactive purge (e.g. curl | bash) +# --version Print script version and exit. +SCRIPT_VERSION="2026-05-21.5" set -euo pipefail SCRIPT_DIR="$(cd -- "$(dirname -- "${BASH_SOURCE[0]}")" &>/dev/null && pwd)" @@ -15,20 +18,26 @@ cd "$SCRIPT_DIR" info() { printf '[manage-server] %s\n' "$*"; } die() { printf '[manage-server] error: %s\n' "$*" >&2; exit 1; } +info "uninstall.sh version $SCRIPT_VERSION" + [[ $EUID -eq 0 ]] || die "must run as root" PURGE=0 +YES=0 while [[ $# -gt 0 ]]; do case "$1" in --purge-data) PURGE=1; shift ;; + --yes) YES=1; shift ;; + --version) echo "uninstall.sh version $SCRIPT_VERSION"; exit 0 ;; -h|--help) grep '^#' "$0" | sed 's/^# //;s/^#//'; exit 0 ;; *) die "unknown flag: $1" ;; esac done -if command -v podman-compose >/dev/null 2>&1; then COMPOSE=(podman-compose) -elif podman compose version >/dev/null 2>&1; then COMPOSE=(podman compose) -elif docker compose version >/dev/null 2>&1; then COMPOSE=(docker compose) +RUNTIME="" +if command -v podman-compose >/dev/null 2>&1; then COMPOSE=(podman-compose); RUNTIME=podman +elif podman compose version >/dev/null 2>&1; then COMPOSE=(podman compose); RUNTIME=podman +elif docker compose version >/dev/null 2>&1; then COMPOSE=(docker compose); RUNTIME=docker else die "no compose runtime found"; fi if [[ -f .env ]]; then 
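Review bot: `--version` is handled inside the argument loop, which on the new side runs after `info "uninstall.sh version $SCRIPT_VERSION"` and after the `[[ $EUID -eq 0 ]] || die "must run as root"` check. As a result `uninstall.sh --version` prints the version twice as root and ends with "must run as root" otherwise; upgrade.sh has the same ordering and additionally requires `.env` to exist. Moving the root check below the loop, or testing `[[ "${1:-}" == --version ]]` before it, would let the version be read without privileges.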
@@ -36,14 +45,18 @@ if [[ -f .env ]]; then "${COMPOSE[@]}" --env-file .env down else info ".env not found, attempting raw container cleanup..." - podman rm -f triton-manageserver triton-manage-db 2>/dev/null || true + "${RUNTIME}" rm -f triton-manageserver triton-manage-db 2>/dev/null || true fi if [[ $PURGE -eq 1 ]]; then info "DESTRUCTIVE: removing manage server volumes..." info " this deletes: scan history, hosts, users, worker binaries" - read -r -p " Are you sure? Type 'yes' to confirm: " CONFIRM - [[ "$CONFIRM" == "yes" ]] || die "aborted" + if [[ $YES -eq 0 ]]; then + read -r -p " Are you sure? Type 'yes' to confirm: " CONFIRM + [[ "$CONFIRM" == "yes" ]] || die "aborted" + else + info " --yes flag set, skipping confirmation" + fi for vol in triton-manage-db-data triton-manage-bins; do podman volume rm -f "$vol" 2>/dev/null \ || docker volume rm -f "$vol" 2>/dev/null \ diff --git a/manage-server/upgrade.sh b/manage-server/upgrade.sh index ffc2668..c9683e7 100755 --- a/manage-server/upgrade.sh +++ b/manage-server/upgrade.sh @@ -6,6 +6,8 @@ # Usage: # sudo bash upgrade.sh # latest from ghcr.io # sudo bash upgrade.sh --image TAG # pin a specific image +# --version Print script version and exit. +SCRIPT_VERSION="2026-05-21.4" set -euo pipefail SCRIPT_DIR="$(cd -- "$(dirname -- "${BASH_SOURCE[0]}")" &>/dev/null && pwd)" @@ -14,6 +16,8 @@ cd "$SCRIPT_DIR" info() { printf '[manage-server] %s\n' "$*"; } die() { printf '[manage-server] error: %s\n' "$*" >&2; exit 1; } +info "upgrade.sh version $SCRIPT_VERSION" + [[ $EUID -eq 0 ]] || die "must run as root" [[ -f .env ]] || die ".env not found — run install.sh first" @@ -21,6 +25,7 @@ IMAGE="" while [[ $# -gt 0 ]]; do case "$1" in --image) IMAGE="$2"; shift 2 ;; + --version) echo "upgrade.sh version $SCRIPT_VERSION"; exit 0 ;; -h|--help) grep '^#' "$0" | sed 's/^# //;s/^#//'; exit 0 ;; *) die "unknown flag: $1" ;; esac 
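Review bot: With `--yes` the only guard before the purge is gone, yet the volume loop at the end of this hunk still tries `podman volume rm` then `docker volume rm` with stderr discarded, instead of using the `RUNTIME` detected earlier in the script. In a non-interactive run a failed or wrong-runtime removal can therefore go unnoticed, depending on how the `||` chain ends (it continues outside the hunk). I would use `"${RUNTIME}" volume rm -f "$vol"` and report a failure per volume. The usage text also presents `curl | bash` as the intended way to reach this path, which runs an unverified remote script as root to delete the database; a header line advising operators to download and inspect the script first would help.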
@@ -31,23 +36,28 @@ if [[ -n "$IMAGE" ]]; then info "pinned image to $IMAGE" fi -if command -v podman-compose >/dev/null 2>&1; then COMPOSE=(podman-compose) -elif podman compose version >/dev/null 2>&1; then COMPOSE=(podman compose) -elif docker compose version >/dev/null 2>&1; then COMPOSE=(docker compose) +RUNTIME="" +if command -v podman-compose >/dev/null 2>&1; then COMPOSE=(podman-compose); RUNTIME=podman +elif podman compose version >/dev/null 2>&1; then COMPOSE=(podman compose); RUNTIME=podman +elif docker compose version >/dev/null 2>&1; then COMPOSE=(docker compose); RUNTIME=docker else die "no compose runtime found"; fi info "pre-upgrade DB backup..." mkdir -p /var/backups/triton DUMP_FILE="/var/backups/triton/manage-pre-upgrade-$(date +%F-%H%M%S).sql.gz" -podman exec triton-manage-db pg_dump -U triton triton_manage 2>/dev/null \ +PG_USER=$(grep -E '^POSTGRES_USER=' .env | cut -d= -f2) +PG_USER=${PG_USER:-triton} +PG_DB=$(grep -E '^POSTGRES_DB=' .env | cut -d= -f2) +PG_DB=${PG_DB:-triton_manage} +"${RUNTIME}" exec triton-manage-db pg_dump -U "$PG_USER" "$PG_DB" 2>/dev/null \ | gzip > "$DUMP_FILE" || die "pg_dump failed — aborting upgrade" info " saved: $DUMP_FILE" -info "pulling latest image..." +info "pulling latest image from registry..." "${COMPOSE[@]}" --env-file .env pull manage-server info "recreating manage-server container..." -"${COMPOSE[@]}" --env-file .env up -d --no-deps manage-server +"${COMPOSE[@]}" --env-file .env up -d --no-deps --force-recreate manage-server HOST_PORT=$(grep -E '^TRITON_MANAGE_HOST_PORT=' .env | cut -d= -f2) HOST_PORT=${HOST_PORT:-8082}
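Review bot: The `${PG_USER:-triton}` and `${PG_DB:-triton_manage}` fallbacks are unreachable when the key is missing from `.env`: under `set -euo pipefail`, a `grep` with no match makes the command substitution fail and the assignment aborts the script with no message. Appending `|| true` to both lookups, e.g. `PG_USER=$(grep -E '^POSTGRES_USER=' .env | cut -d= -f2-) || true`, lets the defaults apply. The dump holds users and scan history and is created with whatever umask the process has; a `umask 077` before `mkdir -p /var/backups/triton` would keep the directory and file root-only. Discarding pg_dump's stderr also hides why a backup failed.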