primatekuntech/triton-install
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

chore: sync installers from triton main (2026-05-21)

Browse source 
- fix: image name triton-manage-server → triton-manageserver (matches CI)
- feat: --license-pubkey flag on install.sh
- fix: uninstall/upgrade use detected runtime (podman/docker) not hardcoded
- fix: upgrade pg_dump reads POSTGRES_USER/DB from .env
- feat: force pull image from registry on install and upgrade
- feat: SCRIPT_VERSION printed as first line on every run
- fix: --yes flag on uninstall --purge-data for non-interactive (curl|bash) use

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
This commit is contained in:
amir-climy 2026-05-21 23:02:13 +08:00
parent 846cfc3973
commit b2054a6dca
4 changed files with 60 additions and 23 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
manage-server/env.template
View file

@ -55,4 +55,4 @@ TLS_CERT_HOST_DIR=/etc/triton/tls
TRITON_MANAGE_SESSION_TTL=24h TRITON_MANAGE_SESSION_TTL=24h
# ─── Image ─────────────────────────────────────────────────────────────── # ─── Image ───────────────────────────────────────────────────────────────
TRITON_MANAGE_IMAGE=ghcr.io/primatekuntech/triton-manage-server:latest TRITON_MANAGE_IMAGE=ghcr.io/primatekuntech/triton-manageserver:latest

30
manage-server/install.sh
View file

@ -11,7 +11,11 @@
# --gateway-hostname HOST Agent mTLS hostname (defaults to current FQDN). # --gateway-hostname HOST Agent mTLS hostname (defaults to current FQDN).
# --manage-host-ip IP Host LAN IP — used for "+ This machine". # --manage-host-ip IP Host LAN IP — used for "+ This machine".
# --image TAG Pin a specific manage-server image tag. # --image TAG Pin a specific manage-server image tag.
# --license-pubkey HEX Hex-encoded Ed25519 public key from the licence server.
# Required when not baked into the image at build time.
# --no-tls Skip the TLS-required sanity check (dev). # --no-tls Skip the TLS-required sanity check (dev).
# --version Print script version and exit.
SCRIPT_VERSION="2026-05-21.4"
set -euo pipefail set -euo pipefail
SCRIPT_DIR="$(cd -- "$(dirname -- "${BASH_SOURCE[0]}")" &>/dev/null && pwd)" SCRIPT_DIR="$(cd -- "$(dirname -- "${BASH_SOURCE[0]}")" &>/dev/null && pwd)"
@ -20,17 +24,22 @@ cd "$SCRIPT_DIR"
info() { printf '[manage-server] %s\n' "$*"; } info() { printf '[manage-server] %s\n' "$*"; }
die() { printf '[manage-server] error: %s\n' "$*" >&2; exit 1; } die() { printf '[manage-server] error: %s\n' "$*" >&2; exit 1; }
info "install.sh version $SCRIPT_VERSION"
# ── arg parsing ────────────────────────────────────────────────────────── # ── arg parsing ──────────────────────────────────────────────────────────
GATEWAY_HOST="" GATEWAY_HOST=""
HOST_IP="" HOST_IP=""
IMAGE="" IMAGE=""
LICENSE_PUBKEY=""
NO_TLS=0 NO_TLS=0
while [[ $# -gt 0 ]]; do while [[ $# -gt 0 ]]; do
case "$1" in case "$1" in
--gateway-hostname) GATEWAY_HOST="$2"; shift 2 ;; --gateway-hostname) GATEWAY_HOST="$2"; shift 2 ;;
--manage-host-ip) HOST_IP="$2"; shift 2 ;; --manage-host-ip) HOST_IP="$2"; shift 2 ;;
--image) IMAGE="$2"; shift 2 ;; --image) IMAGE="$2"; shift 2 ;;
--no-tls) NO_TLS=1; shift ;; --license-pubkey) LICENSE_PUBKEY="$2"; shift 2 ;;
--no-tls) NO_TLS=1; shift ;;
--version) echo "install.sh version $SCRIPT_VERSION"; exit 0 ;;
-h|--help) grep '^#' "$0" | sed 's/^# //;s/^#//'; exit 0 ;; -h|--help) grep '^#' "$0" | sed 's/^# //;s/^#//'; exit 0 ;;
*) die "unknown flag: $1 (try --help)" ;; *) die "unknown flag: $1 (try --help)" ;;
esac esac
@ -73,9 +82,10 @@ if [[ ! -f "$ENV_FILE" ]]; then
"$ENV_FILE" "$ENV_FILE"
info "vault key generated (PostgreSQL AES-256-GCM)" info "vault key generated (PostgreSQL AES-256-GCM)"
[[ -n "$GATEWAY_HOST" ]] && sed -i "s|^TRITON_MANAGE_GATEWAY_HOSTNAME=.*|TRITON_MANAGE_GATEWAY_HOSTNAME=$GATEWAY_HOST|" "$ENV_FILE" [[ -n "$GATEWAY_HOST" ]] && sed -i "s|^TRITON_MANAGE_GATEWAY_HOSTNAME=.*|TRITON_MANAGE_GATEWAY_HOSTNAME=$GATEWAY_HOST|" "$ENV_FILE"
[[ -n "$HOST_IP" ]] && sed -i "s|^TRITON_MANAGE_HOST_IP=.*|TRITON_MANAGE_HOST_IP=$HOST_IP|" "$ENV_FILE" [[ -n "$HOST_IP" ]] && sed -i "s|^TRITON_MANAGE_HOST_IP=.*|TRITON_MANAGE_HOST_IP=$HOST_IP|" "$ENV_FILE"
[[ -n "$IMAGE" ]] && sed -i "s|^TRITON_MANAGE_IMAGE=.*|TRITON_MANAGE_IMAGE=$IMAGE|" "$ENV_FILE" [[ -n "$IMAGE" ]] && sed -i "s|^TRITON_MANAGE_IMAGE=.*|TRITON_MANAGE_IMAGE=$IMAGE|" "$ENV_FILE"
[[ -n "$LICENSE_PUBKEY" ]] && sed -i "s|^TRITON_MANAGE_LICENSE_SERVER_PUBKEY=.*|TRITON_MANAGE_LICENSE_SERVER_PUBKEY=$LICENSE_PUBKEY|" "$ENV_FILE"
info ".env created at $ENV_FILE" info ".env created at $ENV_FILE"
info " back this up — it contains the JWT signing key, worker key, and vault key" info " back this up — it contains the JWT signing key, worker key, and vault key"
@ -83,9 +93,13 @@ else
info "reusing existing .env at $ENV_FILE" info "reusing existing .env at $ENV_FILE"
fi fi
# ── pull ─────────────────────────────────────────────────────────────────
info "pulling latest image from registry..."
"${COMPOSE[@]}" --env-file "$ENV_FILE" pull manage-server
# ── start ──────────────────────────────────────────────────────────────── # ── start ────────────────────────────────────────────────────────────────
info "starting containers..." info "starting containers..."
"${COMPOSE[@]}" --env-file "$ENV_FILE" up -d "${COMPOSE[@]}" --env-file "$ENV_FILE" up -d --force-recreate
# ── wait for health ────────────────────────────────────────────────────── # ── wait for health ──────────────────────────────────────────────────────
HOST_PORT=$(grep -E '^TRITON_MANAGE_HOST_PORT=' "$ENV_FILE" | cut -d= -f2) HOST_PORT=$(grep -E '^TRITON_MANAGE_HOST_PORT=' "$ENV_FILE" | cut -d= -f2)

29
manage-server/uninstall.sh
View file

@ -5,8 +5,11 @@
# Pass --purge-data to delete the volumes as well — irreversible. # Pass --purge-data to delete the volumes as well — irreversible.
# #
# Usage: # Usage:
# sudo bash uninstall.sh # stop + remove containers, keep DB # sudo bash uninstall.sh # stop + remove containers, keep DB
# sudo bash uninstall.sh --purge-data # also delete DB + binaries volume # sudo bash uninstall.sh --purge-data # also delete DB + binaries volume (interactive)
# sudo bash uninstall.sh --purge-data --yes # non-interactive purge (e.g. curl | bash)
# --version Print script version and exit.
SCRIPT_VERSION="2026-05-21.5"
set -euo pipefail set -euo pipefail
SCRIPT_DIR="$(cd -- "$(dirname -- "${BASH_SOURCE[0]}")" &>/dev/null && pwd)" SCRIPT_DIR="$(cd -- "$(dirname -- "${BASH_SOURCE[0]}")" &>/dev/null && pwd)"
@ -15,20 +18,26 @@ cd "$SCRIPT_DIR"
info() { printf '[manage-server] %s\n' "$*"; } info() { printf '[manage-server] %s\n' "$*"; }
die() { printf '[manage-server] error: %s\n' "$*" >&2; exit 1; } die() { printf '[manage-server] error: %s\n' "$*" >&2; exit 1; }
info "uninstall.sh version $SCRIPT_VERSION"
[[ $EUID -eq 0 ]] || die "must run as root" [[ $EUID -eq 0 ]] || die "must run as root"
PURGE=0 PURGE=0
YES=0
while [[ $# -gt 0 ]]; do while [[ $# -gt 0 ]]; do
case "$1" in case "$1" in
--purge-data) PURGE=1; shift ;; --purge-data) PURGE=1; shift ;;
--yes) YES=1; shift ;;
--version) echo "uninstall.sh version $SCRIPT_VERSION"; exit 0 ;;
-h|--help) grep '^#' "$0" | sed 's/^# //;s/^#//'; exit 0 ;; -h|--help) grep '^#' "$0" | sed 's/^# //;s/^#//'; exit 0 ;;
*) die "unknown flag: $1" ;; *) die "unknown flag: $1" ;;
esac esac
done done
if command -v podman-compose >/dev/null 2>&1; then COMPOSE=(podman-compose) RUNTIME=""
elif podman compose version >/dev/null 2>&1; then COMPOSE=(podman compose) if command -v podman-compose >/dev/null 2>&1; then COMPOSE=(podman-compose); RUNTIME=podman
elif docker compose version >/dev/null 2>&1; then COMPOSE=(docker compose) elif podman compose version >/dev/null 2>&1; then COMPOSE=(podman compose); RUNTIME=podman
elif docker compose version >/dev/null 2>&1; then COMPOSE=(docker compose); RUNTIME=docker
else die "no compose runtime found"; fi else die "no compose runtime found"; fi
if [[ -f .env ]]; then if [[ -f .env ]]; then
@ -36,14 +45,18 @@ if [[ -f .env ]]; then
"${COMPOSE[@]}" --env-file .env down "${COMPOSE[@]}" --env-file .env down
else else
info ".env not found, attempting raw container cleanup..." info ".env not found, attempting raw container cleanup..."
podman rm -f triton-manageserver triton-manage-db 2>/dev/null || true "${RUNTIME}" rm -f triton-manageserver triton-manage-db 2>/dev/null || true
fi fi
if [[ $PURGE -eq 1 ]]; then if [[ $PURGE -eq 1 ]]; then
info "DESTRUCTIVE: removing manage server volumes..." info "DESTRUCTIVE: removing manage server volumes..."
info " this deletes: scan history, hosts, users, worker binaries" info " this deletes: scan history, hosts, users, worker binaries"
read -r -p " Are you sure? Type 'yes' to confirm: " CONFIRM if [[ $YES -eq 0 ]]; then
[[ "$CONFIRM" == "yes" ]] || die "aborted" read -r -p " Are you sure? Type 'yes' to confirm: " CONFIRM
[[ "$CONFIRM" == "yes" ]] || die "aborted"
else
info " --yes flag set, skipping confirmation"
fi
for vol in triton-manage-db-data triton-manage-bins; do for vol in triton-manage-db-data triton-manage-bins; do
podman volume rm -f "$vol" 2>/dev/null \ podman volume rm -f "$vol" 2>/dev/null \
|| docker volume rm -f "$vol" 2>/dev/null \ || docker volume rm -f "$vol" 2>/dev/null \

22
manage-server/upgrade.sh
View file

@ -6,6 +6,8 @@
# Usage: # Usage:
# sudo bash upgrade.sh # latest from ghcr.io # sudo bash upgrade.sh # latest from ghcr.io
# sudo bash upgrade.sh --image TAG # pin a specific image # sudo bash upgrade.sh --image TAG # pin a specific image
# --version Print script version and exit.
SCRIPT_VERSION="2026-05-21.4"
set -euo pipefail set -euo pipefail
SCRIPT_DIR="$(cd -- "$(dirname -- "${BASH_SOURCE[0]}")" &>/dev/null && pwd)" SCRIPT_DIR="$(cd -- "$(dirname -- "${BASH_SOURCE[0]}")" &>/dev/null && pwd)"
@ -14,6 +16,8 @@ cd "$SCRIPT_DIR"
info() { printf '[manage-server] %s\n' "$*"; } info() { printf '[manage-server] %s\n' "$*"; }
die() { printf '[manage-server] error: %s\n' "$*" >&2; exit 1; } die() { printf '[manage-server] error: %s\n' "$*" >&2; exit 1; }
info "upgrade.sh version $SCRIPT_VERSION"
[[ $EUID -eq 0 ]] || die "must run as root" [[ $EUID -eq 0 ]] || die "must run as root"
[[ -f .env ]] || die ".env not found — run install.sh first" [[ -f .env ]] || die ".env not found — run install.sh first"
@ -21,6 +25,7 @@ IMAGE=""
while [[ $# -gt 0 ]]; do while [[ $# -gt 0 ]]; do
case "$1" in case "$1" in
--image) IMAGE="$2"; shift 2 ;; --image) IMAGE="$2"; shift 2 ;;
--version) echo "upgrade.sh version $SCRIPT_VERSION"; exit 0 ;;
-h|--help) grep '^#' "$0" | sed 's/^# //;s/^#//'; exit 0 ;; -h|--help) grep '^#' "$0" | sed 's/^# //;s/^#//'; exit 0 ;;
*) die "unknown flag: $1" ;; *) die "unknown flag: $1" ;;
esac esac
@ -31,23 +36,28 @@ if [[ -n "$IMAGE" ]]; then
info "pinned image to $IMAGE" info "pinned image to $IMAGE"
fi fi
if command -v podman-compose >/dev/null 2>&1; then COMPOSE=(podman-compose) RUNTIME=""
elif podman compose version >/dev/null 2>&1; then COMPOSE=(podman compose) if command -v podman-compose >/dev/null 2>&1; then COMPOSE=(podman-compose); RUNTIME=podman
elif docker compose version >/dev/null 2>&1; then COMPOSE=(docker compose) elif podman compose version >/dev/null 2>&1; then COMPOSE=(podman compose); RUNTIME=podman
elif docker compose version >/dev/null 2>&1; then COMPOSE=(docker compose); RUNTIME=docker
else die "no compose runtime found"; fi else die "no compose runtime found"; fi
info "pre-upgrade DB backup..." info "pre-upgrade DB backup..."
mkdir -p /var/backups/triton mkdir -p /var/backups/triton
DUMP_FILE="/var/backups/triton/manage-pre-upgrade-$(date +%F-%H%M%S).sql.gz" DUMP_FILE="/var/backups/triton/manage-pre-upgrade-$(date +%F-%H%M%S).sql.gz"
podman exec triton-manage-db pg_dump -U triton triton_manage 2>/dev/null \ PG_USER=$(grep -E '^POSTGRES_USER=' .env | cut -d= -f2)
PG_USER=${PG_USER:-triton}
PG_DB=$(grep -E '^POSTGRES_DB=' .env | cut -d= -f2)
PG_DB=${PG_DB:-triton_manage}
"${RUNTIME}" exec triton-manage-db pg_dump -U "$PG_USER" "$PG_DB" 2>/dev/null \
| gzip > "$DUMP_FILE" || die "pg_dump failed — aborting upgrade" | gzip > "$DUMP_FILE" || die "pg_dump failed — aborting upgrade"
info " saved: $DUMP_FILE" info " saved: $DUMP_FILE"
info "pulling latest image..." info "pulling latest image from registry..."
"${COMPOSE[@]}" --env-file .env pull manage-server "${COMPOSE[@]}" --env-file .env pull manage-server
info "recreating manage-server container..." info "recreating manage-server container..."
"${COMPOSE[@]}" --env-file .env up -d --no-deps manage-server "${COMPOSE[@]}" --env-file .env up -d --no-deps --force-recreate manage-server
HOST_PORT=$(grep -E '^TRITON_MANAGE_HOST_PORT=' .env | cut -d= -f2) HOST_PORT=$(grep -E '^TRITON_MANAGE_HOST_PORT=' .env | cut -d= -f2)
HOST_PORT=${HOST_PORT:-8082} HOST_PORT=${HOST_PORT:-8082}