Moved to deb822.

2026-03-11 02:01:46 +00:00 · 2026-03-11 02:01:46 +00:00 · 36fc1ebba0
parent d4c0133e7e
commit 36fc1ebba0
1 changed files with 75 additions and 109 deletions
--- a/010_saltstack.sh
+++ b/010_saltstack.sh
@ -1,126 +1,92 @@
 #!/usr/bin/env bash
-# Install salt
-# ascii/stretch version  2016.11.2+ds-1
-# ceres version          2017.7.1+ds-1
-# saltstack repo version 2017.7.1+ds-1
-
-
-# Debian 11 (Bullseye):
-
-
-# sudo curl -fsSL -o /etc/apt/keyrings/salt-archive-keyring-2023.gpg https://repo.saltproject.io/salt/py3/debian/11/amd64/SALT-PROJECT-GPG-PUBKEY-2023.gpg
-# echo "deb [signed-by=/etc/apt/keyrings/salt-archive-keyring-2023.gpg arch=amd64] https://repo.saltproject.io/salt/py3/debian/11/amd64/latest bullseye main" | sudo tee /etc/apt/sources.list.d/salt.list
-
-#DEBIAN_VERSION=8
-#DEBIAN_RELEASE=jessie
-
-#DEBIAN_VERSION=11
-#DEBIAN_RELEASE=bullseye
+set -e # Exit immediately if a command exits with a non-zero status

+# --- Variables ---
 ARCH="amd64"
+DEBIAN_RELEASE="bookworm"
+APP="saltstack"

-DEBIAN_VERSION=12
-DEBIAN_RELEASE=bookworm
+# DEB822 Multi-value Fields (Arrays)
+TYPES=("deb")
+SUITES=("stable")
+COMPONENTS=("main")

-SALT_VERSION=latest 
+# Repo Details
+REPO_URL="https://packages.broadcom.com/artifactory/saltproject-deb/"
+REPO_DOMAIN="packages.broadcom.com"
+KEY_URL="https://packages.broadcom.com/artifactory/api/security/keypair/SaltProjectKey/public"

-REFRESHED_AT=2024-12-24
+# Pathing
+KEY_DIR="/usr/share/keyrings"
+KEY_FILE="${APP}-archive-keyring.gpg"
+KEY_PATH="${KEY_DIR}/${KEY_FILE}"
+SOURCES_AVAIL="/etc/apt/sources.list-available/${APP}.sources"
+SOURCES_LINK="/etc/apt/sources.list.d/${APP}.sources"
+PROXY_CONF="/etc/apt/apt.conf.d/99${APP}-proxy"

-mkdir -p /etc/apt/sources.list-available
+# --- Setup ---
+sudo mkdir -p "${KEY_DIR}"
+sudo mkdir -p /etc/apt/sources.list-available

-KEY_DIR="/etc/apt/trusted.gpg.d"  # if you don't want to have signed-by in the sources.list
-# KEY_DIR="/etc/apt/keyrings"
-# KEY_FILE=salt-archive-keyring.gpg
-KEY_FILE=salt-archive-keyring-2023.gpg
-# KEY_URL=https://repo.saltproject.io/py3/debian/${DEBIAN_VERSION}/${ARCH}/latest
-KEY_URL=https://packages.broadcom.com/artifactory/api/security/keypair/SaltProjectKey/public
-SALT_REPO="https://repo.saltproject.io/salt/py3/debian/${DEBIAN_VERSION}/${ARCH}/latest ${DEBIAN_RELEASE} main"
-SALT_REPO="https://packages.broadcom.com/artifactory/saltproject-deb/ stable main"
+# --- Proxy Bypass ---
+echo "Configuring proxy bypass for ${REPO_DOMAIN}..."
+echo "Acquire::HTTP::Proxy::${REPO_DOMAIN} \"DIRECT\";" | sudo tee "${PROXY_CONF}" >/dev/null

-mkdir -p ${KEY_DIR}
+# --- GPG Key Handling & Validation ---
+echo "Downloading GPG key..."
+# Download and dearmor the GPG key
+if curl -fsSL "${KEY_URL}" | sudo gpg --dearmor -o "${KEY_PATH}"; then
+  if [ -s "${KEY_PATH}" ]; then
+    echo "Success: GPG key downloaded and verified."
+  else
+    echo "Error: GPG key file is empty. Check the URL or network." >&2
+    exit 1
+  fi
+else
+  echo "Error: Failed to download or dearmor GPG key." >&2
+  exit 1
+fi

-# sudo curl -fsSL -o ${KEY_DIR}/${KEY_FILE} ${KEY_URL}
+# --- DEB822 Heredoc Function ---
+conf_print_salt_sources() {
+  cat <<EOF
+Enabled: yes
+Types: ${TYPES[*]}
+URIs: ${REPO_URL}
+Suites: ${SUITES[*]}
+Components: ${COMPONENTS[*]}
+Architectures: ${ARCH}
+Signed-By: ${KEY_PATH}
+EOF
+}

-# NB Packages now have dh-systemd deps and --with-systemd treat as debian upstream
-sudo echo "# sudo curl -fsSL -o ${KEY_DIR}/${KEY_FILE} ${KEY_URL}" | sudo tee /etc/apt/sources.list-available/saltstack-${DEBIAN_RELEASE}.list
+# Write to available and symlink to active
+echo "Generating DEB822 source file..."
+conf_print_salt_sources | sudo tee "${SOURCES_AVAIL}" >/dev/null
+sudo ln -sf "${SOURCES_AVAIL}" "${SOURCES_LINK}"

-# echo "deb [signed-by=${KEY_DIR}/salt-archive-keyring.gpg arch=${ARCH}] https://repo.saltproject.io/py3/debian/${DEBIAN_VERSION}/${ARCH}/latest ${DEBIAN_RELEASE} main" | sudo tee /etc/apt/sources.list.d/salt.list
-echo "deb [signed-by=${KEY_DIR}/${KEY_FILE} arch=${ARCH}] ${SALT_REPO}" | sudo tee --append /etc/apt/sources.list-available/saltstack-${DEBIAN_RELEASE}.list
-ln -sf /etc/apt/sources.list-available/saltstack-${DEBIAN_RELEASE}.list /etc/apt/sources.list.d/saltstack-${DEBIAN_RELEASE}.list
+# --- Package Installation ---
+echo "Updating apt cache..."
+sudo apt update

+echo "Installing Salt components..."
+sudo apt install -y \
+  salt-master \
+  salt-minion \
+  salt-ssh \
+  salt-syndic \
+  salt-cloud \
+  salt-api

+# --- Shell Completions ---
+echo "Installing shell completions..."
+sudo mkdir -p /usr/share/bash-completion/completions/
+sudo mkdir -p /usr/share/zsh/vendor-completions/

+sudo curl -sL "https://raw.githubusercontent.com/saltstack/salt/develop/pkg/salt.bash" \
+  -o /usr/share/bash-completion/completions/salt-common

-# Upgrade The System
-apt update
-# && apt -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confold" upgrade -y
+sudo curl -sL "https://raw.githubusercontent.com/saltstack/salt/develop/pkg/zsh_completion.zsh" \
+  -o /usr/share/zsh/vendor-completions/_salt

-
-# salt-api 			- Generic, modular network access system
-# salt-cloud 			- public cloud VM management system
-# salt-common 			- shared libraries that salt requires for all packages
-# salt-doc 			- additional documentation for salt, the distributed remote execution system
-# salt-master 			- remote manager to administer servers via salt
-# salt-minion 			- client package for salt, the distributed remote execution system
-# salt-proxy 			- Proxy client package for salt stack
-# salt-ssh 			- remote manager to administer servers via Salt SSH
-# salt-syndic 			- master-of-masters for salt, the distributed remote execution system
-# salt-formula-kubernetes 	- Salt formula for Kubernetes
-# salt-formula-ceilometer 	- Salt formula for OpenStack Ceilometer
-# salt-formula-cinder 		- Salt formula for OpenStack Cinder
-# salt-formula-glance 		- Salt formula for OpenStack Glance
-# salt-formula-heat 		- Salt formula for OpenStack Heat
-# salt-formula-horizon 		- Salt formula for OpenStack Horizon
-# salt-formula-keystone 	- Salt formula for OpenStack Keystone
-# salt-formula-neutron 		- Salt formula for OpenStack Neutron
-# salt-formula-nova 		- Salt formula for OpenStack Nova
-# salt-formula-swift 		- Salt formula for OpenStack Swift
-
-
-# Install Salt Dependencies
-apt install -y -o "Dpkg::Options::=--force-confold" \
-	python \
-	apt-utils \
-	software-properties-common \
-	python-yaml \
-	python-m2crypto \
-	python-crypto \
-	python-msgpack \
-	python-zmq \
-	python2.7-doc \
-	python-jinja2 \
-	python-requests 
-
-apt install -y salt-minion
-
-# Salt-master
-apt install -yq -o -o "Dpkg::Options::=--force-confold" --no-install-recommends \
-	salt-master \
-	salt-minion \
-	salt-ssh \
-	salt-syndic \
-	salt-cloud \
-	salt-api \
-	reclass \
-	python-apt \
-	python-git \
-	python-openssl \
-	python-cherrypy3 \
-	git \
-	openssh-client \
-	make
-
-# Or get the development version
-# apt upgrade -y -o "Dpkg::Options::=--force-confold" && \
-# apt install -y -o "Dpkg::Options::=--force-confold" curl
-# curl -L https://bootstrap.saltstack.com | sh -s -- -X git develop
-
-# salt-common in debian is missing zsh completions
-# source: http://github.com/saltstack/salt/tree/develop/pkg/ *.{bash,zsh} 
-# FYI: completition provided by salt-common pkg 
-
-test -e /usr/share/bash-completion/completions/salt-common || \
-	curl -sL "https://raw.githubusercontent.com/saltstack/salt/develop/pkg/salt.bash" | tee /usr/share/bash-completion/completions/salt-common 
-
-test -e /usr/share/zsh/vendor-completions/_salt || \
-	curl -sL "https://raw.githubusercontent.com/saltstack/salt/develop/pkg/zsh_completion.zsh" | tee /usr/share/zsh/vendor-completions/_salt 
+echo "SaltStack installation complete."