primatekuntech/triton-install
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

chore: sync installers from triton v1.0.0-rc.2

Browse source
This commit is contained in:
github-actions[bot] 2026-05-17 08:33:44 +00:00
parent 286de6d3d0
commit c2a7445b1e
2 changed files with 23 additions and 53 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

24
manage-server/env.template
View file

@ -1,7 +1,8 @@
# Triton Manage Server environment template. # Triton Manage Server environment template.
# Copy to .env in this directory; install.sh does that automatically. # Copy to .env in this directory; install.sh does that automatically.
# #
# Required values are flagged. Generated values get auto-filled by install.sh. # Generated values are filled by install.sh on first run.
# License configuration is completed via the setup wizard after install.
# ─── PostgreSQL (auto-generated) ───────────────────────────────────────── # ─── PostgreSQL (auto-generated) ─────────────────────────────────────────
POSTGRES_USER=triton POSTGRES_USER=triton
@ -9,16 +10,11 @@ POSTGRES_PASSWORD=__GENERATED_BY_INSTALL_SH__
POSTGRES_DB=triton_manage POSTGRES_DB=triton_manage
POSTGRES_PORT=5435 POSTGRES_PORT=5435
# ─── Manage Server core (REQUIRED) ─────────────────────────────────────── # ─── Manage Server core (auto-generated) ─────────────────────────────────
# 32-byte HS256 secret as 64 hex chars. Generated once at install. # 32-byte HS256 secret as 64 hex chars. Generated once at install.
# Rotating this invalidates every active session — users re-login. # Rotating this invalidates every active session — users re-login.
TRITON_MANAGE_JWT_SIGNING_KEY=__GENERATED_BY_INSTALL_SH__ TRITON_MANAGE_JWT_SIGNING_KEY=__GENERATED_BY_INSTALL_SH__
# Public half of the License Server's Ed25519 keypair as 64 hex chars.
# Get this from the License Server operator: it's the last 64 hex
# characters of TRITON_LICENSE_SERVER_SIGNING_KEY.
TRITON_MANAGE_LICENSE_SERVER_PUBKEY=__SET_BY_INSTALL_FLAG__
# ─── Listener ──────────────────────────────────────────────────────────── # ─── Listener ────────────────────────────────────────────────────────────
TRITON_MANAGE_LISTEN=:8082 TRITON_MANAGE_LISTEN=:8082
TRITON_MANAGE_HOST_PORT=8082 TRITON_MANAGE_HOST_PORT=8082
@ -35,22 +31,14 @@ TRITON_MANAGE_GATEWAY_URL=
TRITON_MANAGE_HOST_IP= TRITON_MANAGE_HOST_IP=
TRITON_MANAGE_HOST_HOSTNAME= TRITON_MANAGE_HOST_HOSTNAME=
# ─── License Server connection (REQUIRED to activate) ──────────────────── # ─── Workers (auto-generated) ────────────────────────────────────────────
# URL of YOUR vendor's License Server.
TRITON_LICENSE_SERVER_URL=https://license.vendor.example.com
# License token issued by the vendor (paste into setup wizard, or here).
TRITON_LICENSE_TOKEN=
# Optional fallback key embedded in binary at build time. Usually empty.
TRITON_LICENSE_KEY=
# ─── Workers ─────────────────────────────────────────────────────────────
# Shared secret presented by sshagent / portscan workers when claiming jobs. # Shared secret presented by sshagent / portscan workers when claiming jobs.
TRITON_MANAGE_WORKER_KEY=__GENERATED_BY_INSTALL_SH__ TRITON_MANAGE_WORKER_KEY=__GENERATED_BY_INSTALL_SH__
# Concurrent scan jobs (150). Higher = more CPU + RAM. # Concurrent scan jobs (150). Higher = more CPU + RAM.
TRITON_MANAGE_PARALLELISM=10 TRITON_MANAGE_PARALLELISM=10
# ─── Credential vault ──────────────────────────────────────────────────── # ─── Credential vault (auto-generated) ───────────────────────────────────
# PostgreSQL AES-256-GCM vault. Back this up — losing the key makes # PostgreSQL AES-256-GCM vault. Back this up — losing the key makes
# all stored host credentials unreadable. # all stored host credentials unreadable.
TRITON_VAULT_KEY=__GENERATED_BY_INSTALL_SH__ TRITON_VAULT_KEY=__GENERATED_BY_INSTALL_SH__
@ -67,4 +55,4 @@ TLS_CERT_HOST_DIR=/etc/triton/tls
TRITON_MANAGE_SESSION_TTL=24h TRITON_MANAGE_SESSION_TTL=24h
# ─── Image ─────────────────────────────────────────────────────────────── # ─── Image ───────────────────────────────────────────────────────────────
TRITON_MANAGE_IMAGE=ghcr.io/primatekuntech/triton-manageserver:latest TRITON_MANAGE_IMAGE=ghcr.io/primatekuntech/triton-manage-server:latest

52
manage-server/install.sh
View file

@ -5,19 +5,12 @@
# Container-based via Podman or Docker (auto-detected). # Container-based via Podman or Docker (auto-detected).
# #
# Usage: # Usage:
# sudo bash install.sh \ # sudo bash install.sh
# --license-server-pubkey HEX \
# --license-server-url https://license.yourvendor.com \
# --gateway-hostname manage.customer.com
# #
# Flags: # Flags (all optional):
# --license-server-pubkey HEX Ed25519 public half (64 hex chars). REQUIRED.
# Last 64 chars of vendor's TRITON_LICENSE_SERVER_SIGNING_KEY.
# --license-server-url URL URL of vendor's License Server.
# --license-token TOKEN Pre-fill activation token (else use the setup wizard).
# --gateway-hostname HOST Agent mTLS hostname (defaults to current FQDN). # --gateway-hostname HOST Agent mTLS hostname (defaults to current FQDN).
# --manage-host-ip IP Host LAN IP — used for "+ This machine". # --manage-host-ip IP Host LAN IP — used for "+ This machine".
# --image TAG Pin a specific manage-server image. # --image TAG Pin a specific manage-server image tag.
# --no-tls Skip the TLS-required sanity check (dev). # --no-tls Skip the TLS-required sanity check (dev).
set -euo pipefail set -euo pipefail
@ -28,22 +21,16 @@ info() { printf '[manage-server] %s\n' "$*"; }
die() { printf '[manage-server] error: %s\n' "$*" >&2; exit 1; } die() { printf '[manage-server] error: %s\n' "$*" >&2; exit 1; }
# ── arg parsing ────────────────────────────────────────────────────────── # ── arg parsing ──────────────────────────────────────────────────────────
LIC_PUBKEY=""
LIC_URL=""
LIC_TOKEN=""
GATEWAY_HOST="" GATEWAY_HOST=""
HOST_IP="" HOST_IP=""
IMAGE="" IMAGE=""
NO_TLS=0 NO_TLS=0
while [[ $# -gt 0 ]]; do while [[ $# -gt 0 ]]; do
case "$1" in case "$1" in
--license-server-pubkey) LIC_PUBKEY="$2"; shift 2 ;; --gateway-hostname) GATEWAY_HOST="$2"; shift 2 ;;
--license-server-url) LIC_URL="$2"; shift 2 ;; --manage-host-ip) HOST_IP="$2"; shift 2 ;;
--license-token) LIC_TOKEN="$2"; shift 2 ;; --image) IMAGE="$2"; shift 2 ;;
--gateway-hostname) GATEWAY_HOST="$2"; shift 2 ;; --no-tls) NO_TLS=1; shift ;;
--manage-host-ip) HOST_IP="$2"; shift 2 ;;
--image) IMAGE="$2"; shift 2 ;;
--no-tls) NO_TLS=1; shift ;;
-h|--help) grep '^#' "$0" | sed 's/^# //;s/^#//'; exit 0 ;; -h|--help) grep '^#' "$0" | sed 's/^# //;s/^#//'; exit 0 ;;
*) die "unknown flag: $1 (try --help)" ;; *) die "unknown flag: $1 (try --help)" ;;
esac esac
@ -69,9 +56,6 @@ info "using runtime: $RUNTIME"
# ── .env bootstrap ─────────────────────────────────────────────────────── # ── .env bootstrap ───────────────────────────────────────────────────────
ENV_FILE="$SCRIPT_DIR/.env" ENV_FILE="$SCRIPT_DIR/.env"
if [[ ! -f "$ENV_FILE" ]]; then if [[ ! -f "$ENV_FILE" ]]; then
[[ -n "$LIC_PUBKEY" ]] || die "--license-server-pubkey required on first install"
[[ ${#LIC_PUBKEY} -eq 64 ]] || die "license-server-pubkey must be 64 hex chars"
info "writing .env from env.template" info "writing .env from env.template"
cp env.template "$ENV_FILE" cp env.template "$ENV_FILE"
chmod 600 "$ENV_FILE" chmod 600 "$ENV_FILE"
@ -85,19 +69,16 @@ if [[ ! -f "$ENV_FILE" ]]; then
-e "s|^POSTGRES_PASSWORD=.*|POSTGRES_PASSWORD=$PG_PASS|" \ -e "s|^POSTGRES_PASSWORD=.*|POSTGRES_PASSWORD=$PG_PASS|" \
-e "s|^TRITON_MANAGE_JWT_SIGNING_KEY=.*|TRITON_MANAGE_JWT_SIGNING_KEY=$JWT_KEY|" \ -e "s|^TRITON_MANAGE_JWT_SIGNING_KEY=.*|TRITON_MANAGE_JWT_SIGNING_KEY=$JWT_KEY|" \
-e "s|^TRITON_MANAGE_WORKER_KEY=.*|TRITON_MANAGE_WORKER_KEY=$WORKER_KEY|" \ -e "s|^TRITON_MANAGE_WORKER_KEY=.*|TRITON_MANAGE_WORKER_KEY=$WORKER_KEY|" \
-e "s|^TRITON_MANAGE_LICENSE_SERVER_PUBKEY=.*|TRITON_MANAGE_LICENSE_SERVER_PUBKEY=$LIC_PUBKEY|" \
-e "s|^TRITON_VAULT_KEY=.*|TRITON_VAULT_KEY=$VAULT_KEY|" \ -e "s|^TRITON_VAULT_KEY=.*|TRITON_VAULT_KEY=$VAULT_KEY|" \
"$ENV_FILE" "$ENV_FILE"
info "vault key generated (PostgreSQL AES-256-GCM)" info "vault key generated (PostgreSQL AES-256-GCM)"
[[ -n "$LIC_URL" ]] && sed -i "s|^TRITON_LICENSE_SERVER_URL=.*|TRITON_LICENSE_SERVER_URL=$LIC_URL|" "$ENV_FILE"
[[ -n "$LIC_TOKEN" ]] && sed -i "s|^TRITON_LICENSE_TOKEN=.*|TRITON_LICENSE_TOKEN=$LIC_TOKEN|" "$ENV_FILE"
[[ -n "$GATEWAY_HOST" ]] && sed -i "s|^TRITON_MANAGE_GATEWAY_HOSTNAME=.*|TRITON_MANAGE_GATEWAY_HOSTNAME=$GATEWAY_HOST|" "$ENV_FILE" [[ -n "$GATEWAY_HOST" ]] && sed -i "s|^TRITON_MANAGE_GATEWAY_HOSTNAME=.*|TRITON_MANAGE_GATEWAY_HOSTNAME=$GATEWAY_HOST|" "$ENV_FILE"
[[ -n "$HOST_IP" ]] && sed -i "s|^TRITON_MANAGE_HOST_IP=.*|TRITON_MANAGE_HOST_IP=$HOST_IP|" "$ENV_FILE" [[ -n "$HOST_IP" ]] && sed -i "s|^TRITON_MANAGE_HOST_IP=.*|TRITON_MANAGE_HOST_IP=$HOST_IP|" "$ENV_FILE"
[[ -n "$IMAGE" ]] && sed -i "s|^TRITON_MANAGE_IMAGE=.*|TRITON_MANAGE_IMAGE=$IMAGE|" "$ENV_FILE" [[ -n "$IMAGE" ]] && sed -i "s|^TRITON_MANAGE_IMAGE=.*|TRITON_MANAGE_IMAGE=$IMAGE|" "$ENV_FILE"
info ".env created at $ENV_FILE" info ".env created at $ENV_FILE"
info " back this up: it contains the JWT signing key, worker key, and vault key" info " back this up it contains the JWT signing key, worker key, and vault key"
else else
info "reusing existing .env at $ENV_FILE" info "reusing existing .env at $ENV_FILE"
fi fi
@ -115,17 +96,18 @@ for i in $(seq 1 30); do
CODE=$(curl -s -o /dev/null -w "%{http_code}" "http://localhost:${HOST_PORT}/" || echo "000") CODE=$(curl -s -o /dev/null -w "%{http_code}" "http://localhost:${HOST_PORT}/" || echo "000")
# 302 (redirect to setup or login) means the server is up. # 302 (redirect to setup or login) means the server is up.
if [[ "$CODE" == "302" || "$CODE" == "200" ]]; then if [[ "$CODE" == "302" || "$CODE" == "200" ]]; then
info "manage server is up: http://localhost:${HOST_PORT}" info "manage server is up"
break break
fi fi
sleep 2 sleep 2
done done
info "" info ""
info "Next steps:" info "Installation complete. Next steps:"
info " 1. Open http://localhost:${HOST_PORT} (or your public URL)" info " 1. Open http://localhost:${HOST_PORT} (or your public URL)"
info " 2. Complete the setup wizard: create the admin user, paste the licence token" info " 2. Complete the setup wizard:"
info " 3. Configure TLS via reverse proxy (see prerequisites.md)" info " - Set your manage server name"
info " - Enter your Triton licence server URL and licence ID"
info " - Or upload an air-gap licence file"
info " 3. Configure TLS via reverse proxy (see docs)"
info "" info ""
info " License Server URL: $(grep ^TRITON_LICENSE_SERVER_URL= $ENV_FILE | cut -d= -f2-)"
info " Gateway hostname: $(grep ^TRITON_MANAGE_GATEWAY_HOSTNAME= $ENV_FILE | cut -d= -f2)"