primatekuntech/triton-install
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

feat(install): check/generate machine-id and display binding hash

Browse source 
On Linux, ensure /etc/machine-id exists (generate via
systemd-machine-id-setup or urandom fallback if missing).
Compute SHA-3-256 and print both raw ID and hash at install
completion so operators can share it with the licence vendor
for offline/air-gap host binding.

Also mount /etc/machine-id:/etc/machine-id:ro in compose.yaml.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
This commit is contained in:
amir-climy 2026-05-22 21:19:08 +08:00
parent 2c3c2c2863
commit d974d6ca34
2 changed files with 37 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
manage-server/compose.yaml
View file

@ -64,6 +64,7 @@ services:
volumes: volumes:
- triton-manage-bins:/bins - triton-manage-bins:/bins
- ${TLS_CERT_HOST_DIR:-/etc/triton/tls}:/etc/triton/tls:ro - ${TLS_CERT_HOST_DIR:-/etc/triton/tls}:/etc/triton/tls:ro
- /etc/machine-id:/etc/machine-id:ro
ports: ports:
- "${TRITON_MANAGE_HOST_PORT:-8082}:8082" - "${TRITON_MANAGE_HOST_PORT:-8082}:8082"
- "${TRITON_MANAGE_GATEWAY_HOST_PORT:-8443}:8443" - "${TRITON_MANAGE_GATEWAY_HOST_PORT:-8443}:8443"

37
manage-server/install.sh
View file

@ -15,7 +15,7 @@
# Required when not baked into the image at build time. # Required when not baked into the image at build time.
# --no-tls Skip the TLS-required sanity check (dev). # --no-tls Skip the TLS-required sanity check (dev).
# --version Print script version and exit. # --version Print script version and exit.
SCRIPT_VERSION="2026-05-21.4" SCRIPT_VERSION="2026-05-22.1"
set -euo pipefail set -euo pipefail
SCRIPT_DIR="$(cd -- "$(dirname -- "${BASH_SOURCE[0]}")" &>/dev/null && pwd)" SCRIPT_DIR="$(cd -- "$(dirname -- "${BASH_SOURCE[0]}")" &>/dev/null && pwd)"
@ -47,6 +47,34 @@ done
[[ $EUID -eq 0 ]] || die "must run as root" [[ $EUID -eq 0 ]] || die "must run as root"
# ── machine-id ───────────────────────────────────────────────────────────
# /etc/machine-id is used for offline licence host binding.
# Ensure it exists; generate one if this is a fresh host.
MACHINE_ID_HASH=""
if [[ "$(uname -s)" == "Linux" ]]; then
if [[ ! -s /etc/machine-id ]]; then
info "generating /etc/machine-id..."
if command -v systemd-machine-id-setup >/dev/null 2>&1; then
systemd-machine-id-setup
else
printf '%032x\n' "$(od -An -N16 -tx1 /dev/urandom | tr -d ' \n')" 2>/dev/null \
|| head -c 16 /dev/urandom | od -An -tx1 | tr -d ' \n' | cut -c1-32 > /etc/machine-id
chmod 444 /etc/machine-id
fi
info "/etc/machine-id created"
fi
if command -v python3 >/dev/null 2>&1; then
MACHINE_ID_HASH=$(python3 -c "
import hashlib, sys
try:
data = open('/etc/machine-id').read().strip()
print(hashlib.sha3_256(data.encode()).hexdigest())
except Exception as e:
sys.exit(0)
" 2>/dev/null || true)
fi
fi
# ── runtime detection ──────────────────────────────────────────────────── # ── runtime detection ────────────────────────────────────────────────────
if command -v podman-compose >/dev/null 2>&1; then if command -v podman-compose >/dev/null 2>&1; then
COMPOSE=(podman-compose) COMPOSE=(podman-compose)
@ -125,3 +153,10 @@ info " - Enter your Triton licence server URL and licence ID"
info " - Or upload an air-gap licence file" info " - Or upload an air-gap licence file"
info " 3. Configure TLS via reverse proxy (see docs)" info " 3. Configure TLS via reverse proxy (see docs)"
info "" info ""
if [[ -n "$MACHINE_ID_HASH" ]]; then
info "Machine ID (for offline / air-gap licence binding):"
info " Raw: $(cat /etc/machine-id 2>/dev/null | tr -d '[:space:]')"
info " Hash: $MACHINE_ID_HASH"
info " Share the Hash with your licence vendor to bind the licence to this host."
info ""
fi