#!/bin/bash -e # FWIW "-e" tries to exit right away on error: # https://tldp.org/LDP/abs/html/options.html # https://stackoverflow.com/questions/9952177/whats-the-meaning-of-the-parameter-e-for-bash-shell-command-line/9952249 # PLZ SEE http://FAQ.IIAB.IO > "What is Ansible and what version should I use?" # https://github.com/iiab/iiab/wiki/Technical-Contributors-Guide#female_detective-understanding-ansible APT_PATH=/usr/bin # Avoids problematic /usr/local/bin/apt on Linux Mint CURR_VER=undefined # Ansible version you have installed, e.g. [core 2.18.0] GOOD_VER=2.18.0 # Orig for 'yum install [rpm]' & XO laptops (pip install) # 2021-06-22: The apt approach (with PPA source in /etc/apt/sources.list.d/ and # .gpg key etc) are commented out with ### below. Associated guidance/comments # are intentionally preserved. # 2021-05-19 PR #2743: As a result of Ansible / Red Hat / IBM's extensive # delays in publishing the PPA (.deb installer files) for ansible-core, this # file bypasses the apt approach (and associated PPA source) in favor of: # # pip3 install --upgrade ansible-core # 2021-02-25: Latest 'ansible-base' was being installed from PPA, using either # OS 'CODENAME' below: https://launchpad.net/~ansible/+archive/ubuntu/ansible # 'lsb_release -sc' gives Mint 20 codename 'ulyana' etc: (TOO FINE-GRAINED) ###if grep -q buster /etc/os-release /etc/debian_version; then ### CODENAME=bionic # Debian 10, RasPiOS 10 & Buster-like distros ###else ### CODENAME=focal # Debian 11+, RasPiOS 11+, Ubuntu 20.04+, Mint 20+ (ETC) ###fi # APRIL 2021 - ansible-base (2.10) was renamed to ansible-core (2.11+): # https://www.ansible.com/blog/ansible-3.0.0-qa # https://github.com/ansible/ansible/tags # https://github.com/ansible/ansible/releases # https://github.com/ansible/ansible/commits/stable-2.17 # https://github.com/ansible/ansible/blob/stable-2.17/changelogs/CHANGELOG-v2.17.rst # https://github.com/ansible/ansible/commits/stable-2.16 # https://github.com/ansible/ansible/blob/stable-2.16/changelogs/CHANGELOG-v2.16.rst # https://github.com/ansible/ansible/commits/stable-2.15 # https://github.com/ansible/ansible/blob/stable-2.15/changelogs/CHANGELOG-v2.15.rst # https://github.com/ansible/ansible/commits/stable-2.14 # https://github.com/ansible/ansible/blob/stable-2.14/changelogs/CHANGELOG-v2.14.rst # https://github.com/ansible/ansible/commits/stable-2.13 # https://github.com/ansible/ansible/blob/stable-2.13/changelogs/CHANGELOG-v2.13.rst # https://github.com/ansible/ansible/commits/stable-2.12 # https://github.com/ansible/ansible/blob/stable-2.12/changelogs/CHANGELOG-v2.12.rst # https://pypi.org/project/ansible-core/ # https://pypi.org/project/ansible-base/ (OLD) # https://releases.ansible.com/ansible-core/ (OLD) # https://releases.ansible.com/ansible-base/ (OLD) # https://launchpad.net/~ansible # https://launchpad.net/~ansible-gha # https://launchpad.net/~ansible/+archive/ubuntu/ansible # https://launchpad.net/~ansible/+archive/ubuntu/ansible/+packages # https://launchpad.net/~ansible/+archive/ubuntu/ansible-2.10 (OLD) # http://ppa.launchpad.net/ansible/ansible/ubuntu/pool/main/a/ansible/ (OLD) # http://ppa.launchpad.net/ansible/ansible/ubuntu/pool/main/a/ansible-core/ # FYI .travis.yml installs ansible-core in a slightly different way (PRs #2689 & #2743) # IIAB implementers might instead consider these 4 GENERAL TECHNIQUES below # ("in an emergency!") e.g. if apt fails & you need a newer/older Ansible: # TEMPORARILY USE pip3 to install the latest ansible-core as listed at # https://pypi.org/project/ansible-core/ (REMOVE W/ "pip3 uninstall ansible-core") #apt install python3-pymysql python3-psycopg2 python3-passlib python3-pip python3-setuptools python3-packaging python3-venv virtualenv #pip3 install --upgrade ansible-core # Then start a new shell, so /usr/local/bin works #ansible-galaxy collection install -r collections.yml # TEMPORARILY USE ansible-base 2.10.17 (REMOVE W/ "pip3 uninstall ansible-base") #apt install python3-pip #pip3 install ansible-base==2.10.17 # Start new shell, so /usr/local/bin works # TEMPORARILY USE ANSIBLE 2.9.27 (REMOVE IT WITH "pip3 uninstall ansible") #apt install python3-pip #pip3 install ansible==2.9.27 # TEMPORARILY USE ANSIBLE 2.4.2 DUE TO 2.4.3 MEMORY BUG. Details: iiab/iiab#669 #echo "Install https://download.iiab.io/packages/ansible_2.4.2.0-1ppa~xenial_all.deb" #cd /tmp #wget https://download.iiab.io/packages/ansible_2.4.2.0-1ppa~xenial_all.deb #apt -y --allow-downgrades install ./ansible_2.4.2.0-1ppa~xenial_all.deb export DEBIAN_FRONTEND=noninteractive # Why 'noninteractive' appears needed: # https://github.com/iiab/iiab/issues/564#issuecomment-347264985 echo -e "\n\nYOU ARE RUNNING: /opt/iiab/iiab/scripts/ansible (TO INSTALL ANSIBLE ETC)\n" #echo -e 'Alternative: /opt/iiab/iiab/scripts/ansible-2.9.x ("Slow Food")\n' echo -e "RECOMMENDED PREREQUISITES:" echo -e "(1) Verify you're online" echo -e "(2) Remove all prior versions of Ansible using..." echo -e " 'apt purge ansible-core' and/or 'pip3 uninstall ansible-core' and/or" #echo -e " 'apt purge ansible-base' and/or 'pip3 uninstall ansible-base' and/or" echo -e " 'apt purge ansible' and/or 'pip3 uninstall ansible'" #echo -e "(3) Remove all lines containing 'ansible' from..." #echo -e " /etc/apt/sources.list and /etc/apt/sources.list.d/*\n" #echo -e "IIAB INSTALL INSTRUCTIONS: (OLDER, MANUAL APPROACH)" #echo -e "https://github.com/iiab/iiab/wiki/IIAB-Installation#do-everything-from-scratch\n" if [ "$(command -v ansible)" ]; then # "command -v" is POSIX compliant; also catches built-in commands like "cd" CURR_VER=$(ansible --version | head -1 | cut -f 2- -d " ") # Above works with 'ansible [core 2.11.0rc2]' -- these old ways do not: #CURR_VER=$(ansible --version | head -1 | awk '{print $2}') #CURR_VER=$(ansible --version | head -1 | sed -e 's/.* //') echo -e "CURRENTLY INSTALLED ANSIBLE: $CURR_VER -- LET'S TRY TO UPGRADE IT!" else echo -e "ANSIBLE NOT FOUND ON THIS COMPUTER -- LET'S TRY TO INSTALL IT!" fi echo -e "(Internet-in-a-Box requests ansible-core $GOOD_VER or higher)\n" # Code above designed to work on all Linux distributions, to preserve options, # in support of any volunteer(s) wanting to port IIAB to a new Linux/distro. if [ ! -f /etc/debian_version ]; then # e.g. RasPiOS, Ubuntu, Mint & Debian echo -e "\nEXITING: /etc/debian_version FILE NOT FOUND. Linux OS support info here:" echo -e " https://github.com/iiab/iiab/wiki/IIAB-Platforms\n" exit 1 fi # 2021-04-26: JV & @holta WIP. The apt-key command is going away, and the past # practice of putting keys in /etc/apt/trusted.gpg.d is considered insecure: # https://www.linuxuprising.com/2021/01/apt-key-is-deprecated-how-to-add.html # https://askubuntu.com/questions/1286545/what-commands-exactly-should-replace-the-deprecated-apt-key/1307181#1307181 # So we put .gpg key in repo iiab/iiab, also for reliable installs/containers. #echo -e "\napt update; install dirmngr; PPA to /etc/apt/sources.list.d/iiab-ansible.list\n" #$APT_PATH/apt update #$APT_PATH/apt -y install dirmngr #echo "deb http://ppa.launchpad.net/ansible/ansible/ubuntu $CODENAME main" \ ###echo "deb [signed-by=/usr/share/keyrings/iiab-ansible-keyring.gpg] http://ppa.launchpad.net/ansible/ansible/ubuntu $CODENAME main" \ ### > /etc/apt/sources.list.d/iiab-ansible.list # 2022-11-09: ansible-core 2.12.10+ PPA works on 32-bit RasPiOS, until upstream wheels -> cryptography is fixed (PR #3421) #echo "deb [signed-by=/usr/share/keyrings/iiab-ansible-keyring.gpg] http://ppa.launchpad.net/ansible/ansible/ubuntu focal main" \ # > /etc/apt/sources.list.d/iiab-ansible.list # In future we might instead consider 'add-apt-repository ppa:ansible/ansible' # or 'apt-add-repository ppa:ansible/bionic/ansible' etc, e.g. for streamlined # removal using 'apt-add-repository -r' -- however that currently requires # 'apt install software-properties-common' which drags in a dozen packages we # might not want, e.g. unattended-upgrades, packagekit etc. # 2020-08-20: TEMP WORKAROUND (REVERT TO ANSIBLE 2.9.6) MITIGATING # iiab/iiab#2481 (Ansible 2.9.12 and 2.10.0's 666-TO-600 file permissions # problem). This workaround installs 2.9.6-1ppa~disco onto RasPiOS, from # https://launchpad.net/~ansible/+archive/ubuntu/ansible #echo "deb http://ppa.launchpad.net/ansible/ansible/ubuntu disco main" \ # > /etc/apt/sources.list.d/iiab-ansible.list # 2021-04-26: JV & @holta WIP: (see above) #echo -e '\nIF YOU FACE ERROR "signatures couldn'"'"'t be verified because the public key is not available" THEN REPEATEDLY RE-RUN "sudo apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys 93C4A3FD7BB9C367"\n' #apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys 93C4A3FD7BB9C367 ###cp /opt/iiab/iiab/scripts/iiab-ansible-keyring.gpg /usr/share/keyrings/iiab-ansible-keyring.gpg #chmod 644 /usr/share/keyrings/iiab-ansible-keyring.gpg # 2022-11-09: ansible-core 2.12.10+ PPA works on 32-bit RasPiOS, until upstream wheels -> cryptography is fixed (PR #3421) #cp /opt/iiab/iiab/scripts/iiab-ansible-keyring.gpg /usr/share/keyrings/iiab-ansible-keyring.gpg ###echo -e 'PPA source "deb [signed-by=/usr/share/keyrings/iiab-ansible-keyring.gpg] http://ppa.launchpad.net/ansible/ansible/ubuntu '$CODENAME' main"' ###echo -e "successfully saved to /etc/apt/sources.list.d/iiab-ansible.list\n" ###echo -e "IF *OTHER* ANSIBLE SOURCES APPEAR BELOW, PLEASE MANUALLY REMOVE THEM TO" ###echo -e 'ENSURE ANSIBLE UPDATES CLEANLY: (then re-run this script to be sure!)\n' ###grep '^deb .*ansible' /etc/apt/sources.list /etc/apt/sources.list.d/*.list | grep -v '^/etc/apt/sources.list.d/iiab-ansible.list:' || true # Override bash -e (instead of aborting at 1st error) #echo -e "\napt update; apt install python3-pip # Also installs 'python3-setuptools' and 'python3' etc" #echo -e "https://github.com/iiab/iiab/blob/master/scripts/ansible.md\n" #$APT_PATH/apt update #$APT_PATH/apt -y install python3-pip # 2021-07-29: # 'python3-packaging' dropped for now # 'python3-pymysql' (drags in 'python3' which drags in 'python3-venv' on Debian 11 but not on Ubuntu 20.04) -- moved to roles/mysql/tasks/install.yml # 'python3-psycopg2' moved to roles/postgresql/tasks/install.yml # 'python3-passlib' moved to roles/munin/tasks/install.yml # 'python3-venv' moved to roles/2-common/tasks/packages.yml # 'virtualenv' for Python 2 moved to roles/kalite/tasks/install.yml # #$APT_PATH/apt -y install \ # python3-pymysql python3-psycopg2 python3-passlib python3-pip \ # python3-setuptools python3-packaging python3-venv virtualenv #$APT_PATH/apt -y --allow-downgrades install ansible-core # 2021-10-30: Using pip is messy, leaving behind cached files, so turn off pip # cache system-wide before installing: # https://stackoverflow.com/questions/9510474/removing-pips-cache/61762308#61762308 # https://github.com/iiab/iiab/pull/3022 #pip3 config --global set global.no-cache-dir false #if ! uname -m | grep -q 64; then # echo "2022-11-09: ansible-core 2.12.10+ PPA works on 32-bit RasPiOS, using /etc/apt/sources.list.d/iiab-ansible.list, until upstream wheels -> cryptography is fixed (PR #3421)" # $APT_PATH/apt -y --allow-downgrades install ansible-core # echo -e "\n\n'pip3 install cryptography==39.0.2' will now run:\n" # pip3 install --break-system-packages cryptography==39.0.2 || pip3 install cryptography==39.0.2 # PR #3459 https://www.piwheels.org/project/cryptography/ -- WAS 37.0.4 which as of 2023-01-06 was the "latest compatible with ansible-core available via piwheels.org" #fi #echo -e "\n\n'pip3 install --upgrade ansible-core' will now run:\n" # REMINDER: ansible-core 2.12 (released 2021-11-08) requires Python >= 3.8 #pip3 install --break-system-packages --upgrade ansible-core || pip3 install --upgrade ansible-core # PR #3493: Revert to old syntax if pip < 23.0.1, as flag --break-system-packages (for Python 3.11+ / PEP 668) is brand new in Feb 2023: https://github.com/pypa/pip/pull/11780 echo -e "\napt update; apt install python3-venv" $APT_PATH/apt update $APT_PATH/apt -y install python3-venv # 2023-09-08 PR #3634: 'apt install ansible-core' is overweight, but works on # "32-bit" RasPiOS 12 (@EMG70 set 'arm_64bit=0' in /boot/config.txt per #3516 # to force boot its 32-bit kernel; its 64-bit kernel should work too!) # IN SHORT: This ugly hack appears sufficient for all "32-bit" Bookworm+ OS's # (similar to 32-bit Debian 12 on AMD/Intel a month ago, i.e. PR #3617). # 2023-09-10 PR #3637: Even safer test than querying for Debian 12+ -- verify # that apt package ansible-core is truly available: #if ! dpkg --print-architecture | grep -q 64 && apt-cache show ansible-core > /dev/null; then #if ! dpkg --print-architecture | grep -q 64 && ! grep -q ^11 /etc/debian_version; then # 2023-09-10 PR #3632: Revert above #3634 and #3637 trying /etc/pip.conf w/ cryptography 41.0.3 if [[ $(dpkg --print-architecture) == "i386" ]] && apt-cache show ansible-core > /dev/null; then # 2023-08-10 #3613/#3615/#3617: apt-not-pip kludge for legacy 32-bit i386 # (DEBIAN 12+ ETC) avoids #3547 rust/wheels/cryptography compiling mess! $APT_PATH/apt -y install ansible-core # Bookworm ~= ansible-core 2.14.3 else # 2023-03-22: OS's like Ubuntu 23.04 and Debian 12 (e.g. with Python 3.11+) ask # that virtual environments (venv) be used to safely isolate pip installs: # https://peps.python.org/pep-0668 # 2023-09-08: NEW WAY ANSIBLE RECOMMENDS? https://docs.ansible.com/ansible/latest/installation_guide/intro_installation.html # $APT_PATH/apt -y install pipx # Typically adds 50+ packages! # pipx install ansible-core # pipx ensurepath # Adds /root/.local/bin to $PATH -- next time you open a shell -- e.g. for /root/.local/bin/ansible -> /root/.local/pipx/venvs/ansible-core/bin/ansible # Or, to install package globally for multi-user access: (pypa/pipx#754) # PIPX_HOME=/opt/pipx PIPX_BIN_DIR=/usr/local/bin pipx install ansible-core # 2023-10-11: RasPiOS Bookworm doc for Python with venv (PEP 668 now enforced!) # https://www.raspberrypi.com/documentation/computers/os.html#python-on-raspberry-pi # https://www.raspberrypi.com/documentation/computers/os.html#using-pip-with-virtual-environments echo -e "\nCreate virtual environment for Ansible" python3 -m venv /usr/local/ansible # 2023-09-10: Work around #3526 "32-bit" RasPiOS 12 pre-release issue... # 'Package issue: cryptography 41.0.3 leads to cffi 1.15.1 failure on # "32-bit" Raspberry Pi OS [REASON: /etc/pip.conf missing on some Bookworm # pre-releases' == https://github.com/piwheels/packages/issues/390 if ! [ -f /etc/pip.conf ] && [ -f /etc/rpi-issue ]; then cat > /etc/pip.conf << EOF [global] extra-index-url=https://www.piwheels.org/simple EOF fi # "if not ubuntu" (covers RasPiOS & Debian) would also work, but is overbroad: # if ! grep -qi ubuntu /etc/os-release; then # # if [ -f /etc/rpi-issue ] && [[ $(dpkg --print-architecture) == armhf ]]; then # # 2023-03-24 #3547 similar to #3459 re: cryptography, piwheels, rust. # Release problems chart: https://www.piwheels.org/project/cryptography/ # if ! dpkg --print-architecture | grep -q 64; then # 32-bit in general! # 2023-09-07: Commenting out cryptography 40.0.1 below, as @EMG70 evaluates # new upstream piwheels fix (e.g. cryptography 41.0.3 for now) # on pre-release 32-bit RasPiOS 12... (#3526) # if [[ $(dpkg --print-architecture) == armhf ]]; then # 32-bit ARM # # 2023-09-30: cryptography 40.0.1 and 41.0.4 both fail for now, see #3650 # $APT_PATH/apt -y install libffi-dev python3-dev # /usr/local/ansible/bin/python3 -m pip install cryptography==41.0.3 # # else # # 2023-08-10: 'apt install rustc pkg-config libssl-dev' was not enough! # # So we use apt to install cryptography 38.0.4 for Debian 12.1 -- where # # `dpkg --print-architecture` was i386 and `uname -m` was i686: # # $APT_PATH/apt -y install python3-cryptography # fi # 2023-05-22: 2.14.6 was better than 2.15.0 for FreePBX (#3588, ansible/ansible#80863) # 2023-10-01 #3650: --prefer-binary or --only-binary ensure you get wheels, # even if they're not the very latest release -- thereby avoiding compiling # messes -- and obviating the need for these 2: (above, both commented out) # - 'apt -y install libffi-dev python3-dev' # - painstaking pinning of cryptography or cffi (etc) to older version #s /usr/local/ansible/bin/python3 -m pip install --prefer-binary --upgrade ansible-core echo -e "\nCreate symlinks /usr/local/bin/ansible* -> /usr/local/ansible/bin/ansible*" cd /usr/local/ansible/bin for bin in ansible*; do ln -sf /usr/local/ansible/bin/"$bin" /usr/local/bin/"$bin" done fi # (Re)running collection installs appears safe, with --force-with-deps to force # upgrade of collection and dependencies it pulls in. Note Ansible may support # explicit upgrading of collections (--upgrade / -U flag) in version "2.11" # with PR ansible/ansible#73336. See also IIAB PRs #2647 #2652 #2653 #2655. echo -e "\n\nIIAB requires these ~4 Ansible Collections: (we upgrade them here if possible!)\n" ansible-galaxy collection install --force-with-deps \ -r /opt/iiab/iiab/collections.yml \ -p /usr/share/ansible/collections # 2021-02-24: 'ansible-galaxy collection list' lists those installed. (#2659) # 2020-11-28: The ~3 Ansible Collections used by IIAB (~37MB) once lived here: # /root/.ansible/collections/ansible_collections # But going forward they'll be stored herein: [~24MB for 4 Collections as of 2021-05-19] # /usr/share/ansible/collections/ansible_collections # 2021-04-19: No longer needed, per PR #2743 testing #echo -e "\n\nCreating/verifying directory /etc/ansible & installing /etc/ansible/hosts\n" #mkdir -p /etc/ansible # LIKELY REDUNDANT, due to above installation of Ansible #echo -e '[local]\nlocalhost\n' > /etc/ansible/hosts # LIKELY REDUNDANT, due to https://github.com/iiab/iiab/blob/master/ansible_hosts echo -e "\n\nSUCCESS! PLEASE VERIFY ANSIBLE WITH COMMANDS LIKE:\n" echo -e " ansible --version" echo -e " /usr/local/ansible/bin/pip3 show ansible-core" echo -e ' apt -a list "ansible*"' echo -e " ansible-galaxy collection list\n\n" #echo -e "WARNING: Start a new Linux shell, if it changed from /usr/bin to /usr/local/bin\n\n"