chore: sync installers from triton main (2026-05-21)

- fix: image name triton-manage-server → triton-manageserver (matches CI)
- feat: --license-pubkey flag on install.sh
- fix: uninstall/upgrade use detected runtime (podman/docker) not hardcoded
- fix: upgrade pg_dump reads POSTGRES_USER/DB from .env
- feat: force pull image from registry on install and upgrade
- feat: SCRIPT_VERSION printed as first line on every run
- fix: --yes flag on uninstall --purge-data for non-interactive (curl|bash) use

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
amir-climy 2026-05-21 23:02:13 +08:00
parent 846cfc3973
commit b2054a6dca
4 changed files with 60 additions and 23 deletions


@ -55,4 +55,4 @@ TLS_CERT_HOST_DIR=/etc/triton/tls
TRITON_MANAGE_SESSION_TTL=24h
# ─── Image ───────────────────────────────────────────────────────────────
TRITON_MANAGE_IMAGE=ghcr.io/primatekuntech/triton-manage-server:latest
TRITON_MANAGE_IMAGE=ghcr.io/primatekuntech/triton-manageserver:latest


@ -11,7 +11,11 @@
# --gateway-hostname HOST Agent mTLS hostname (defaults to current FQDN).
# --manage-host-ip IP Host LAN IP — used for "+ This machine".
# --image TAG Pin a specific manage-server image tag.
# --license-pubkey HEX Hex-encoded Ed25519 public key from the licence server.
# Required when not baked into the image at build time.
# --no-tls Skip the TLS-required sanity check (dev).
# --version Print script version and exit.
SCRIPT_VERSION="2026-05-21.4"
set -euo pipefail
SCRIPT_DIR="$(cd -- "$(dirname -- "${BASH_SOURCE[0]}")" &>/dev/null && pwd)"
@ -20,17 +24,22 @@ cd "$SCRIPT_DIR"
info() { printf '[manage-server] %s\n' "$*"; }
die() { printf '[manage-server] error: %s\n' "$*" >&2; exit 1; }
info "install.sh version $SCRIPT_VERSION"
# ── arg parsing ──────────────────────────────────────────────────────────
GATEWAY_HOST=""
HOST_IP=""
IMAGE=""
LICENSE_PUBKEY=""
NO_TLS=0
while [[ $# -gt 0 ]]; do
case "$1" in
--gateway-hostname) GATEWAY_HOST="$2"; shift 2 ;;
--manage-host-ip) HOST_IP="$2"; shift 2 ;;
--image) IMAGE="$2"; shift 2 ;;
--license-pubkey) LICENSE_PUBKEY="$2"; shift 2 ;;
--no-tls) NO_TLS=1; shift ;;
--version) echo "install.sh version $SCRIPT_VERSION"; exit 0 ;;
-h|--help) grep '^#' "$0" | sed 's/^# //;s/^#//'; exit 0 ;;
*) die "unknown flag: $1 (try --help)" ;;
esac
@ -76,6 +85,7 @@ if [[ ! -f "$ENV_FILE" ]]; then
[[ -n "$GATEWAY_HOST" ]] && sed -i "s|^TRITON_MANAGE_GATEWAY_HOSTNAME=.*|TRITON_MANAGE_GATEWAY_HOSTNAME=$GATEWAY_HOST|" "$ENV_FILE"
[[ -n "$HOST_IP" ]] && sed -i "s|^TRITON_MANAGE_HOST_IP=.*|TRITON_MANAGE_HOST_IP=$HOST_IP|" "$ENV_FILE"
[[ -n "$IMAGE" ]] && sed -i "s|^TRITON_MANAGE_IMAGE=.*|TRITON_MANAGE_IMAGE=$IMAGE|" "$ENV_FILE"
[[ -n "$LICENSE_PUBKEY" ]] && sed -i "s|^TRITON_MANAGE_LICENSE_SERVER_PUBKEY=.*|TRITON_MANAGE_LICENSE_SERVER_PUBKEY=$LICENSE_PUBKEY|" "$ENV_FILE"
info ".env created at $ENV_FILE"
info " back this up — it contains the JWT signing key, worker key, and vault key"
@ -83,9 +93,13 @@ else
info "reusing existing .env at $ENV_FILE"
fi
# ── pull ─────────────────────────────────────────────────────────────────
info "pulling latest image from registry..."
"${COMPOSE[@]}" --env-file "$ENV_FILE" pull manage-server
# ── start ────────────────────────────────────────────────────────────────
info "starting containers..."
"${COMPOSE[@]}" --env-file "$ENV_FILE" up -d
"${COMPOSE[@]}" --env-file "$ENV_FILE" up -d --force-recreate
# ── wait for health ──────────────────────────────────────────────────────
HOST_PORT=$(grep -E '^TRITON_MANAGE_HOST_PORT=' "$ENV_FILE" | cut -d= -f2)
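Review bot: The `--license-pubkey` value is written into `.env` through `sed` with no format check, so a typo is stored as the licence trust anchor and a value containing `|`, `&` or `\` corrupts the substitution. The help text documents it as a hex-encoded Ed25519 public key (32 bytes), so it can be validated right after argument parsing: `[[ -z "$LICENSE_PUBKEY" || "$LICENSE_PUBKEY" =~ ^[0-9a-fA-F]{64}$ ]] || die "--license-pubkey must be 64 hex characters"`. The substitution also sits in the branch that creates `.env`, so on a host where `.env` already exists the flag appears to be ignored silently; an `info` warning in the `else` branch would make that visible. The enclosing `if` block starts outside the hunk.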


@ -6,7 +6,10 @@
#
# Usage:
# sudo bash uninstall.sh # stop + remove containers, keep DB
# sudo bash uninstall.sh --purge-data # also delete DB + binaries volume
# sudo bash uninstall.sh --purge-data # also delete DB + binaries volume (interactive)
# sudo bash uninstall.sh --purge-data --yes # non-interactive purge (e.g. curl | bash)
# --version Print script version and exit.
SCRIPT_VERSION="2026-05-21.5"
set -euo pipefail
SCRIPT_DIR="$(cd -- "$(dirname -- "${BASH_SOURCE[0]}")" &>/dev/null && pwd)"
@ -15,20 +18,26 @@ cd "$SCRIPT_DIR"
info() { printf '[manage-server] %s\n' "$*"; }
die() { printf '[manage-server] error: %s\n' "$*" >&2; exit 1; }
info "uninstall.sh version $SCRIPT_VERSION"
[[ $EUID -eq 0 ]] || die "must run as root"
PURGE=0
YES=0
while [[ $# -gt 0 ]]; do
case "$1" in
--purge-data) PURGE=1; shift ;;
--yes) YES=1; shift ;;
--version) echo "uninstall.sh version $SCRIPT_VERSION"; exit 0 ;;
-h|--help) grep '^#' "$0" | sed 's/^# //;s/^#//'; exit 0 ;;
*) die "unknown flag: $1" ;;
esac
done
if command -v podman-compose >/dev/null 2>&1; then COMPOSE=(podman-compose)
elif podman compose version >/dev/null 2>&1; then COMPOSE=(podman compose)
elif docker compose version >/dev/null 2>&1; then COMPOSE=(docker compose)
RUNTIME=""
if command -v podman-compose >/dev/null 2>&1; then COMPOSE=(podman-compose); RUNTIME=podman
elif podman compose version >/dev/null 2>&1; then COMPOSE=(podman compose); RUNTIME=podman
elif docker compose version >/dev/null 2>&1; then COMPOSE=(docker compose); RUNTIME=docker
else die "no compose runtime found"; fi
if [[ -f .env ]]; then
@ -36,14 +45,18 @@ if [[ -f .env ]]; then
"${COMPOSE[@]}" --env-file .env down
else
info ".env not found, attempting raw container cleanup..."
podman rm -f triton-manageserver triton-manage-db 2>/dev/null || true
"${RUNTIME}" rm -f triton-manageserver triton-manage-db 2>/dev/null || true
fi
if [[ $PURGE -eq 1 ]]; then
info "DESTRUCTIVE: removing manage server volumes..."
info " this deletes: scan history, hosts, users, worker binaries"
if [[ $YES -eq 0 ]]; then
read -r -p " Are you sure? Type 'yes' to confirm: " CONFIRM
[[ "$CONFIRM" == "yes" ]] || die "aborted"
else
info " --yes flag set, skipping confirmation"
fi
for vol in triton-manage-db-data triton-manage-bins; do
podman volume rm -f "$vol" 2>/dev/null \
|| docker volume rm -f "$vol" 2>/dev/null \
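Review bot: The purge loop at the end of this section still runs `podman volume rm -f "$vol" 2>/dev/null || docker volume rm -f "$vol" 2>/dev/null`, although the commit now detects `RUNTIME` and `--yes` removes the last human checkpoint. Using `"${RUNTIME}" volume rm -f "$vol"` without discarding stderr would make a failed deletion visible, so an operator is not left believing scan history and user data were removed when they were not. The statement continues past the end of the hunk, so what follows the second `||` is not visible here.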


@ -6,6 +6,8 @@
# Usage:
# sudo bash upgrade.sh # latest from ghcr.io
# sudo bash upgrade.sh --image TAG # pin a specific image
# --version Print script version and exit.
SCRIPT_VERSION="2026-05-21.4"
set -euo pipefail
SCRIPT_DIR="$(cd -- "$(dirname -- "${BASH_SOURCE[0]}")" &>/dev/null && pwd)"
@ -14,6 +16,8 @@ cd "$SCRIPT_DIR"
info() { printf '[manage-server] %s\n' "$*"; }
die() { printf '[manage-server] error: %s\n' "$*" >&2; exit 1; }
info "upgrade.sh version $SCRIPT_VERSION"
[[ $EUID -eq 0 ]] || die "must run as root"
[[ -f .env ]] || die ".env not found — run install.sh first"
@ -21,6 +25,7 @@ IMAGE=""
while [[ $# -gt 0 ]]; do
case "$1" in
--image) IMAGE="$2"; shift 2 ;;
--version) echo "upgrade.sh version $SCRIPT_VERSION"; exit 0 ;;
-h|--help) grep '^#' "$0" | sed 's/^# //;s/^#//'; exit 0 ;;
*) die "unknown flag: $1" ;;
esac
@ -31,23 +36,28 @@ if [[ -n "$IMAGE" ]]; then
info "pinned image to $IMAGE"
fi
if command -v podman-compose >/dev/null 2>&1; then COMPOSE=(podman-compose)
elif podman compose version >/dev/null 2>&1; then COMPOSE=(podman compose)
elif docker compose version >/dev/null 2>&1; then COMPOSE=(docker compose)
RUNTIME=""
if command -v podman-compose >/dev/null 2>&1; then COMPOSE=(podman-compose); RUNTIME=podman
elif podman compose version >/dev/null 2>&1; then COMPOSE=(podman compose); RUNTIME=podman
elif docker compose version >/dev/null 2>&1; then COMPOSE=(docker compose); RUNTIME=docker
else die "no compose runtime found"; fi
info "pre-upgrade DB backup..."
mkdir -p /var/backups/triton
DUMP_FILE="/var/backups/triton/manage-pre-upgrade-$(date +%F-%H%M%S).sql.gz"
podman exec triton-manage-db pg_dump -U triton triton_manage 2>/dev/null \
PG_USER=$(grep -E '^POSTGRES_USER=' .env | cut -d= -f2)
PG_USER=${PG_USER:-triton}
PG_DB=$(grep -E '^POSTGRES_DB=' .env | cut -d= -f2)
PG_DB=${PG_DB:-triton_manage}
"${RUNTIME}" exec triton-manage-db pg_dump -U "$PG_USER" "$PG_DB" 2>/dev/null \
| gzip > "$DUMP_FILE" || die "pg_dump failed — aborting upgrade"
info " saved: $DUMP_FILE"
info "pulling latest image..."
info "pulling latest image from registry..."
"${COMPOSE[@]}" --env-file .env pull manage-server
info "recreating manage-server container..."
"${COMPOSE[@]}" --env-file .env up -d --no-deps manage-server
"${COMPOSE[@]}" --env-file .env up -d --no-deps --force-recreate manage-server
HOST_PORT=$(grep -E '^TRITON_MANAGE_HOST_PORT=' .env | cut -d= -f2)
HOST_PORT=${HOST_PORT:-8082}
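Review bot: The `${PG_USER:-triton}` and `${PG_DB:-triton_manage}` defaults cannot take effect when the key is missing from `.env`. Under `set -euo pipefail` a `grep` with no match fails the pipeline, the assignment returns non-zero, and the script exits without a message before the default line runs. Reading the value with `PG_USER=$(sed -n 's/^POSTGRES_USER=//p' .env)` (and the same for `POSTGRES_DB`) yields an empty string on no match and also keeps values that contain `=`. Separately, the dump is written under `/var/backups/triton` with whatever umask is in effect; since it holds the manage-server database, a `umask 077` before the `mkdir -p` would keep it readable by root only.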