From c2a7445b1ee31e9bd8727523274f3881177540b5 Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" Date: Sun, 17 May 2026 08:33:44 +0000 Subject: [PATCH] chore: sync installers from triton v1.0.0-rc.2 --- manage-server/env.template | 24 +++++------------- manage-server/install.sh | 52 +++++++++++++------------------------- 2 files changed, 23 insertions(+), 53 deletions(-) diff --git a/manage-server/env.template b/manage-server/env.template index 4f341a0..f88f8a4 100644 --- a/manage-server/env.template +++ b/manage-server/env.template @@ -1,7 +1,8 @@ # Triton Manage Server environment template. # Copy to .env in this directory; install.sh does that automatically. # -# Required values are flagged. Generated values get auto-filled by install.sh. +# Generated values are filled by install.sh on first run. +# License configuration is completed via the setup wizard after install. # ─── PostgreSQL (auto-generated) ───────────────────────────────────────── POSTGRES_USER=triton @@ -9,16 +10,11 @@ POSTGRES_PASSWORD=__GENERATED_BY_INSTALL_SH__ POSTGRES_DB=triton_manage POSTGRES_PORT=5435 -# ─── Manage Server core (REQUIRED) ─────────────────────────────────────── +# ─── Manage Server core (auto-generated) ───────────────────────────────── # 32-byte HS256 secret as 64 hex chars. Generated once at install. # Rotating this invalidates every active session — users re-login. TRITON_MANAGE_JWT_SIGNING_KEY=__GENERATED_BY_INSTALL_SH__ -# Public half of the License Server's Ed25519 keypair as 64 hex chars. -# Get this from the License Server operator: it's the last 64 hex -# characters of TRITON_LICENSE_SERVER_SIGNING_KEY. -TRITON_MANAGE_LICENSE_SERVER_PUBKEY=__SET_BY_INSTALL_FLAG__ - # ─── Listener ──────────────────────────────────────────────────────────── TRITON_MANAGE_LISTEN=:8082 TRITON_MANAGE_HOST_PORT=8082 
@@ -35,22 +31,14 @@ TRITON_MANAGE_GATEWAY_URL= TRITON_MANAGE_HOST_IP= TRITON_MANAGE_HOST_HOSTNAME= -# ─── License Server connection (REQUIRED to activate) ──────────────────── -# URL of YOUR vendor's License Server. -TRITON_LICENSE_SERVER_URL=https://license.vendor.example.com -# License token issued by the vendor (paste into setup wizard, or here). -TRITON_LICENSE_TOKEN= -# Optional fallback key embedded in binary at build time. Usually empty. -TRITON_LICENSE_KEY= - -# ─── Workers ───────────────────────────────────────────────────────────── +# ─── Workers (auto-generated) ──────────────────────────────────────────── # Shared secret presented by sshagent / portscan workers when claiming jobs. TRITON_MANAGE_WORKER_KEY=__GENERATED_BY_INSTALL_SH__ # Concurrent scan jobs (1–50). Higher = more CPU + RAM. TRITON_MANAGE_PARALLELISM=10 -# ─── Credential vault ──────────────────────────────────────────────────── +# ─── Credential vault (auto-generated) ─────────────────────────────────── # PostgreSQL AES-256-GCM vault. Back this up — losing the key makes # all stored host credentials unreadable. TRITON_VAULT_KEY=__GENERATED_BY_INSTALL_SH__ @@ -67,4 +55,4 @@ TLS_CERT_HOST_DIR=/etc/triton/tls TRITON_MANAGE_SESSION_TTL=24h # ─── Image ─────────────────────────────────────────────────────────────── -TRITON_MANAGE_IMAGE=ghcr.io/primatekuntech/triton-manageserver:latest +TRITON_MANAGE_IMAGE=ghcr.io/primatekuntech/triton-manage-server:latest diff --git a/manage-server/install.sh b/manage-server/install.sh index 5587544..7f66d9e 100755 --- a/manage-server/install.sh +++ b/manage-server/install.sh 
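Review bot: The renamed default `TRITON_MANAGE_IMAGE` still ends in `:latest`, a floating tag, so each fresh install pulls whatever the registry serves at that moment and two hosts installed from the same template can end up running different code. Since this sync is cut from a tagged release, the template default could name that release and ideally its digest, e.g. `TRITON_MANAGE_IMAGE=ghcr.io/primatekuntech/triton-manage-server:<release-tag>@sha256:<digest>` (placeholders, to be filled by the sync job). `--image` would then remain the route for deliberate overrides.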
@@ -5,19 +5,12 @@ # Container-based via Podman or Docker (auto-detected). # # Usage: -# sudo bash install.sh \ -# --license-server-pubkey HEX \ -# --license-server-url https://license.yourvendor.com \ -# --gateway-hostname manage.customer.com +# sudo bash install.sh # -# Flags: -# --license-server-pubkey HEX Ed25519 public half (64 hex chars). REQUIRED. -# Last 64 chars of vendor's TRITON_LICENSE_SERVER_SIGNING_KEY. -# --license-server-url URL URL of vendor's License Server. -# --license-token TOKEN Pre-fill activation token (else use the setup wizard). +# Flags (all optional): # --gateway-hostname HOST Agent mTLS hostname (defaults to current FQDN). # --manage-host-ip IP Host LAN IP — used for "+ This machine". -# --image TAG Pin a specific manage-server image. +# --image TAG Pin a specific manage-server image tag. # --no-tls Skip the TLS-required sanity check (dev). set -euo pipefail @@ -28,22 +21,16 @@ info() { printf '[manage-server] %s\n' "$*"; } die() { printf '[manage-server] error: %s\n' "$*" >&2; exit 1; } # ── arg parsing ────────────────────────────────────────────────────────── -LIC_PUBKEY="" -LIC_URL="" -LIC_TOKEN="" GATEWAY_HOST="" HOST_IP="" IMAGE="" NO_TLS=0 while [[ $# -gt 0 ]]; do case "$1" in - --license-server-pubkey) LIC_PUBKEY="$2"; shift 2 ;; - --license-server-url) LIC_URL="$2"; shift 2 ;; - --license-token) LIC_TOKEN="$2"; shift 2 ;; - --gateway-hostname) GATEWAY_HOST="$2"; shift 2 ;; - --manage-host-ip) HOST_IP="$2"; shift 2 ;; - --image) IMAGE="$2"; shift 2 ;; - --no-tls) NO_TLS=1; shift ;; + --gateway-hostname) GATEWAY_HOST="$2"; shift 2 ;; + --manage-host-ip) HOST_IP="$2"; shift 2 ;; + --image) IMAGE="$2"; shift 2 ;; + --no-tls) NO_TLS=1; shift ;; -h|--help) grep '^#' "$0" | sed 's/^# //;s/^#//'; exit 0 ;; *) die "unknown flag: $1 (try --help)" ;; esac 
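Review bot: Each value-taking arm of the rewritten `case` (`--gateway-hostname`, `--manage-host-ip`, `--image`) reads `"$2"` without checking that a value follows. With `set -euo pipefail` in effect, a trailing flag therefore aborts with bash's own "unbound variable" message instead of going through `die`. A guard ahead of the assignment keeps the error path uniform, e.g. `--image) [[ $# -ge 2 ]] || die "--image requires a value"; IMAGE="$2"; shift 2 ;;`, and likewise for the other two arms. The `while` loop and `case` continue past the end of this hunk.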
@@ -69,9 +56,6 @@ info "using runtime: $RUNTIME" # ── .env bootstrap ─────────────────────────────────────────────────────── ENV_FILE="$SCRIPT_DIR/.env" if [[ ! -f "$ENV_FILE" ]]; then - [[ -n "$LIC_PUBKEY" ]] || die "--license-server-pubkey required on first install" - [[ ${#LIC_PUBKEY} -eq 64 ]] || die "license-server-pubkey must be 64 hex chars" - info "writing .env from env.template" cp env.template "$ENV_FILE" chmod 600 "$ENV_FILE" @@ -85,19 +69,16 @@ if [[ ! -f "$ENV_FILE" ]]; then -e "s|^POSTGRES_PASSWORD=.*|POSTGRES_PASSWORD=$PG_PASS|" \ -e "s|^TRITON_MANAGE_JWT_SIGNING_KEY=.*|TRITON_MANAGE_JWT_SIGNING_KEY=$JWT_KEY|" \ -e "s|^TRITON_MANAGE_WORKER_KEY=.*|TRITON_MANAGE_WORKER_KEY=$WORKER_KEY|" \ - -e "s|^TRITON_MANAGE_LICENSE_SERVER_PUBKEY=.*|TRITON_MANAGE_LICENSE_SERVER_PUBKEY=$LIC_PUBKEY|" \ -e "s|^TRITON_VAULT_KEY=.*|TRITON_VAULT_KEY=$VAULT_KEY|" \ "$ENV_FILE" info "vault key generated (PostgreSQL AES-256-GCM)" - [[ -n "$LIC_URL" ]] && sed -i "s|^TRITON_LICENSE_SERVER_URL=.*|TRITON_LICENSE_SERVER_URL=$LIC_URL|" "$ENV_FILE" - [[ -n "$LIC_TOKEN" ]] && sed -i "s|^TRITON_LICENSE_TOKEN=.*|TRITON_LICENSE_TOKEN=$LIC_TOKEN|" "$ENV_FILE" [[ -n "$GATEWAY_HOST" ]] && sed -i "s|^TRITON_MANAGE_GATEWAY_HOSTNAME=.*|TRITON_MANAGE_GATEWAY_HOSTNAME=$GATEWAY_HOST|" "$ENV_FILE" - [[ -n "$HOST_IP" ]] && sed -i "s|^TRITON_MANAGE_HOST_IP=.*|TRITON_MANAGE_HOST_IP=$HOST_IP|" "$ENV_FILE" - [[ -n "$IMAGE" ]] && sed -i "s|^TRITON_MANAGE_IMAGE=.*|TRITON_MANAGE_IMAGE=$IMAGE|" "$ENV_FILE" + [[ -n "$HOST_IP" ]] && sed -i "s|^TRITON_MANAGE_HOST_IP=.*|TRITON_MANAGE_HOST_IP=$HOST_IP|" "$ENV_FILE" + [[ -n "$IMAGE" ]] && sed -i "s|^TRITON_MANAGE_IMAGE=.*|TRITON_MANAGE_IMAGE=$IMAGE|" "$ENV_FILE" info ".env created at $ENV_FILE" - info " back this up: it contains the JWT signing key, worker key, and vault key" + info " back this up — it contains the JWT signing key, worker key, and vault key" else info "reusing existing .env at $ENV_FILE" fi 
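Review bot: `$GATEWAY_HOST`, `$HOST_IP` and `$IMAGE` are spliced into the `sed` replacement text as-is in the three `[[ -n ... ]] && sed -i` lines. A value containing `|`, `&`, `\` or a newline either breaks the expression or writes something other than what was passed into `.env`, in a script the usage text runs under sudo. Validate each flag before these lines, e.g. `[[ "$IMAGE" =~ ^[A-Za-z0-9._/:@-]+$ ]] || die "invalid --image value"`, with a hostname pattern for `--gateway-hostname` and an address pattern for `--manage-host-ip`. The enclosing `if [[ ! -f "$ENV_FILE" ]]` block starts outside this hunk.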
@@ -115,17 +96,18 @@ for i in $(seq 1 30); do CODE=$(curl -s -o /dev/null -w "%{http_code}" "http://localhost:${HOST_PORT}/" || echo "000") # 302 (redirect to setup or login) means the server is up. if [[ "$CODE" == "302" || "$CODE" == "200" ]]; then - info "manage server is up: http://localhost:${HOST_PORT}" + info "manage server is up" break fi sleep 2 done info "" -info "Next steps:" +info "Installation complete. Next steps:" info " 1. Open http://localhost:${HOST_PORT} (or your public URL)" -info " 2. Complete the setup wizard: create the admin user, paste the licence token" -info " 3. Configure TLS via reverse proxy (see prerequisites.md)" +info " 2. Complete the setup wizard:" +info " - Set your manage server name" +info " - Enter your Triton licence server URL and licence ID" +info " - Or upload an air-gap licence file" +info " 3. Configure TLS via reverse proxy (see docs)" info "" -info " License Server URL: $(grep ^TRITON_LICENSE_SERVER_URL= $ENV_FILE | cut -d= -f2-)" -info " Gateway hostname: $(grep ^TRITON_MANAGE_GATEWAY_HOSTNAME= $ENV_FILE | cut -d= -f2)"
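Review bot: The new `info "Installation complete. Next steps:"` line prints unconditionally, so it still appears when all 30 polls finished without a 200 or 302 and the server never came up. Record success in the loop (`READY=1` just before `break`) and gate the message on it, e.g. `[[ "${READY:-0}" -eq 1 ]] || die "manage server did not become ready; check the container logs"`. Separately, the wizard in step 2 now carries the licence configuration and is reached over plain `http://localhost:${HOST_PORT}` before TLS is set up in step 3. If the port is published beyond loopback (not visible here), the text could tell operators to finish the wizard from the host itself first. The `for` loop starts outside the hunk.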