diff --git a/install-perfsonar b/install-perfsonar new file mode 100755 index 0000000..ad3a253 --- /dev/null +++ b/install-perfsonar @@ -0,0 +1,458 @@ +#!/bin/sh -e +# +# Install perfSONAR +# + +usage() +{ + cat <&2 + fi +} + + +die() +{ + warn "$@" + exit 1 +} + + +die_usage() +{ + usage 1>&2 + die +} + + +do_dry() +{ + if ${DRY_RUN:-true} + then + echo "$@" + else + "$@" + fi +} + + +narrate() +{ + printf "\n#\n# " + echo "$@" + printf "#\n\n" +} + + +# ----------------------------------------------------------------------------- + +# OS Identification, adapted from Unibuild + +# This page has some useful information about figuring out what +# distribution you're running: +# http://linuxmafia.com/faq/Admin/release-files.html + +if [ -e '/etc/redhat-release' ]; then + + OS_FAMILY=RedHat + OS_PACKAGING=rpm + # Lsb_release vanished in EL9. Do this stuff the hard way. + OS_DISTRO=$(source /etc/os-release && echo $ID) + OS_RELEASE=$(sed -e 's/^.*release\s\+//i; s/\s.*$//' /etc/redhat-release) + OS_CODENAME=$(sed -e 's/^.*[(]\([^)]\+\)[)].*$/\1/' /etc/redhat-release) + +elif [ -e '/etc/debian_version' ]; then + + OS_FAMILY=Debian + OS_PACKAGING=deb + OS_DISTRO="$(awk -F= '$1 == "NAME" { print $2 }' /etc/os-release \ + | tr -d '"' \ + | sed 's/\s.*$//')" + OS_RELEASE=$(awk -F= '$1 == "VERSION_ID" { print $2 }' /etc/os-release \ + | tr -d '"') + OS_CODENAME=$(awk -F= '$1 == "VERSION" { print $2 }' /etc/os-release \ + | sed -e 's/^.*[(]\(.*\)[)].*$/\1/') + +else + + die "Installation is not supported on this system." + +fi + +OS_MAJOR=$(echo "${OS_RELEASE}" | cut -d . -f 1) +OS_MINOR=$(echo "${OS_RELEASE}" | cut -d . -f 2) +OS_PATCH=$(echo "${OS_RELEASE}" | cut -d . -f 3) +OS_ARCH=$(uname -m) + +# ----------------------------------------------------------------------------- + +# Parse the Options + +AUTO_UPDATES=false +DRY_RUN=false +PS_REPO_VERSION=0.11-1 +REPO=production +SECURITY=false +TUNINGS=false + +while echo "$1" | egrep -q -e '^--' +do + case "$1" in + --auto-updates) + AUTO_UPDATES=true + shift + ;; + --dry-run) + DRY_RUN=true + shift + ;; + --ps-repo-version) + PS_REPO_VERSION=$2 + shift 2 + ;; + --repo) + REPO=$2 + shift 2 + ;; + --security) + SECURITY=true + shift + ;; + --tunings) + TUNINGS=true + shift + ;; + --help) + usage + exit 0 + ;; + --*) + die "Unknown option $1" + ;; + *) + # Anything not looking like an option is plain old + # arguments. The end. + break + ;; + esac +done + +[ $# -ge 1 ] || die_usage +PS_BUNDLE=$1 +shift + +case "${REPO}" in + production|staging|nightly-minor|nightly-patch) + true + ;; + *) + die "Unknown repository '${REPO}'." + ;; +esac + +case "${PS_BUNDLE}" in + tools|testpoint|core|toolkit) + true # This is fine. + ;; + archive) + [ \( "${OS_FAMILY}" = "RedHat" \) \ + -o \( "${OS_DISTRO}" = "Debian" -a "${OS_MAJOR}" -ge 11 \) \ + -o \( "${OS_DISTRO}" = "Ubuntu" -a "${OS_MAJOR}" -ge 22 \) \ + ] || die "The archive bundle is not supported on ${OS_DISTRO} ${OS_MAJOR}." + ;; + *) + die "Unknown bundle '${PS_BUNDLE}'." + ;; +esac + +# We need to set an environment variable for opensearch install. +# The value has to pass opensearch security checks length and character mix, +# but otherwise does not matter since it will be overwritten by +# a random password by perfsoanr-archive package. +INSTALL_ENV="" +case "${PS_BUNDLE}" in + core|toolkit|archive) + INSTALL_ENV="env OPENSEARCH_INITIAL_ADMIN_PASSWORD=perfSONAR123! " + ;; +esac + + +# ----------------------------------------------------------------------------- + + +[ $(id -u) -eq 0 ] || die "This program must be run as root." + + +cleanup() +{ + case "$?" in + 0) + printf "\n\nInstallation completed successfully.\n\n" + ;; + *) + printf "\n\nINSTALLATION FAILED\n\n" + ;; + esac +} +trap cleanup EXIT + + +install_redhat() +{ + case "${OS_MAJOR}" in + 7) + DNF=yum + ;; + *) + DNF=dnf + ;; + esac + + narrate Installing repositories + + do_dry $DNF -y install epel-release + case "${OS_MAJOR}" in + 8) + do_dry $DNF config-manager --set-enabled powertools + ;; + 9) + do_dry $DNF config-manager --set-enabled crb + ;; + *) + true + ;; + esac + + do_dry dnf -y install "http://software.internet2.edu/rpms/el${OS_MAJOR}/${OS_ARCH}/latest/packages/perfsonar-repo-${PS_REPO_VERSION}.noarch.rpm" + + case "${REPO}" in + staging|nightly-minor|nightly-patch) + narrate "Installing ${REPO} repository" + do_dry dnf -y install "perfsonar-repo-${REPO}" + # Remove prod repo so we can test a clean setup from chosen repo + do_dry dnf -y remove "perfsonar-repo" + ;; + *) + # Nothing to do; production is the default + true + ;; + esac + + do_dry $DNF clean all + + narrate Updating System + do_dry $DNF -y update + + narrate "Installing perfSONAR ${PS_BUNDLE} bundle" + + do_dry ${INSTALL_ENV}$DNF -y install "perfsonar-${PS_BUNDLE}" + + if $AUTO_UPDATES + then + narrate Configuring automatic updates + + if ! $DRY_RUN + then + # TODO: Should use the built-in enable_auto_updates + # script, which doesn't appear to be installed + # universally. + do_dry $DNF -y install dnf-automatic + if [ -f "/etc/dnf/automatic.conf" ]; then + sed -i "s/download_updates = .*/download_updates = yes/g" /etc/dnf/automatic.conf + sed -i "s/apply_updates = .*/apply_updates = yes/g" /etc/dnf/automatic.conf + systemctl enable --now dnf-automatic.timer + else + die "Unable to find DNF-automatic configuration." + fi + fi + fi + + if $SECURITY + then + narrate Installing security package + do_dry $DNF -y install perfsonar-toolkit-security + do_dry /usr/lib/perfsonar/scripts/configure_firewall install + fi + + if $TUNINGS + then + narrate Installing system tunings + do_dry $DNF -y install perfsonar-toolkit-sysctl + fi +} + + +install_debian() +{ + export DEBIAN_FRONTEND=noninteractive + + narrate Updating + + do_dry apt-get -y update + + narrate Installing prerequisites + + do_dry apt-get -y install \ + curl \ + software-properties-common + + narrate Installing repositories + + case "${REPO}" in + + production) + do_dry curl -o /etc/apt/sources.list.d/perfsonar-release.list \ + http://downloads.perfsonar.net/debian/perfsonar-release.list + if ! $DRY_RUN + then + # TODO: apt-key is deprecated on D11+. Says "Manage keyring + # files in trusted.gpg.d instead (see apt-key(8))." + curl http://downloads.perfsonar.net/debian/perfsonar-official.gpg.key | apt-key add - + else + echo "(Not installing perfSONAR GPG key)" + fi + + if [ "${OS_DISTRO}" = "Ubuntu" ] + then + do_dry add-apt-repository universe + fi + ;; + + staging) + LIST=/etc/apt/sources.list.d/perfsonar-minor-staging.list + do_dry rm -rf "${LIST}" + do_dry curl -o "${LIST}" http://downloads.perfsonar.net/debian/perfsonar-minor-staging.list + if ! $DRY_RUN + then + wget -qO - http://downloads.perfsonar.net/debian/perfsonar-snapshot.gpg.key | apt-key add - + else + echo "(Not installing perfSONAR snapshot GPG key)" + fi + ;; + + nightly-minor) + LIST=/etc/apt/sources.list.d/perfsonar-minor-snapshot.list + do_dry rm -rf "${LIST}" + do_dry curl -o "${LIST}" http://downloads.perfsonar.net/debian/perfsonar-minor-snapshot.list + if ! $DRY_RUN + then + wget -qO - http://downloads.perfsonar.net/debian/perfsonar-snapshot.gpg.key | apt-key add - + else + echo "(Not installing perfSONAR snapshot GPG key)" + fi + ;; + + nightly-minor|nightly-patch) + printf "\n\nNOTE: Installing the Debian minor snapshot repository\n\n" + ;; + + *) + # TODO: Find out how to run nightly + die "Repo ${REPO} is not supported yet on ${OS_DISTRO}." + ;; + + esac + + # TODO: Set up nightly/staging + + narrate Updating system + do_dry apt-get -y update + + narrate "Installing perfSONAR ${PS_BUNDLE} bundle" + do_dry ${INSTALL_ENV}apt-get -y install "perfsonar-${PS_BUNDLE}" + + if $AUTO_UPDATES + then + narrate Configuring automatic updates + do_dry apt-get -y install unattended-upgrades + FILE=/etc/apt/apt.conf.d/60unattended-upgrades-perfsonar + if ! $DRY_RUN + then + echo 'APT::Periodic::Update-Package-Lists "1";' > "${FILE}" + echo 'APT::Periodic::Unattended-Upgrade "1";' >> "${FILE}" + echo 'APT::Periodic::AutocleanInterval "31";' >> "${FILE}" + echo 'Unattended-Upgrade::Origins-Pattern:: "origin=perfSONAR";' >> "${FILE}" + else + echo "(Not writing ${FILE})" + fi + fi + + if $SECURITY + then + narrate Installing security package + do_dry apt-get -y install perfsonar-toolkit-security + fi + + if $TUNINGS + then + narrate Installing system tunings + do_dry apt-get -y install perfsonar-toolkit-sysctl + fi + + +} + + +case "${OS_FAMILY}" in + RedHat) + install_redhat + ;; + Debian) + install_debian + ;; + *) + die "Installation is not supported on ${OS_FAMILY}." + ;; +esac + + +# pSConfig + +if type -p psconfig > /dev/null +then + if [ $# -gt 0 ] + then + narrate Setting up pSConfig remotes + for URL in "$@" + do + echo "${URL}:" + psconfig remote add "${URL}" + echo + done + fi +fi