mirror of
https://github.com/iiab/iiab.git
synced 2025-02-12 19:22:24 +00:00
265 lines
15 KiB
Bash
Executable file
265 lines
15 KiB
Bash
Executable file
#!/bin/bash -e
|
|
# FWIW "-e" tries to exit right away on error:
|
|
# https://tldp.org/LDP/abs/html/options.html
|
|
# https://stackoverflow.com/questions/9952177/whats-the-meaning-of-the-parameter-e-for-bash-shell-command-line/9952249
|
|
|
|
# PLZ SEE http://FAQ.IIAB.IO > "What is Ansible and what version should I use?"
|
|
# https://github.com/iiab/iiab/wiki/Technical-Contributors-Guide#female_detective-understanding-ansible
|
|
|
|
APT_PATH=/usr/bin # Avoids problematic /usr/local/bin/apt on Linux Mint
|
|
CURR_VER=undefined # Ansible version you have installed, e.g. [core 2.15.3]
|
|
GOOD_VER=2.15.3 # Orig for 'yum install [rpm]' & XO laptops (pip install)
|
|
|
|
# 2021-06-22: The apt approach (with PPA source in /etc/apt/sources.list.d/ and
|
|
# .gpg key etc) are commented out with ### below. Associated guidance/comments
|
|
# are intentionally preserved.
|
|
|
|
# 2021-05-19 PR #2743: As a result of Ansible / Red Hat / IBM's extensive
|
|
# delays in publishing the PPA (.deb installer files) for ansible-core, this
|
|
# file bypasses the apt approach (and associated PPA source) in favor of:
|
|
#
|
|
# pip3 install --upgrade ansible-core
|
|
|
|
# 2021-02-25: Latest 'ansible-base' was being installed from PPA, using either
|
|
# OS 'CODENAME' below: https://launchpad.net/~ansible/+archive/ubuntu/ansible
|
|
|
|
# 'lsb_release -sc' gives Mint 20 codename 'ulyana' etc: (TOO FINE-GRAINED)
|
|
###if grep -q buster /etc/os-release /etc/debian_version; then
|
|
### CODENAME=bionic # Debian 10, RasPiOS 10 & Buster-like distros
|
|
###else
|
|
### CODENAME=focal # Debian 11+, RasPiOS 11+, Ubuntu 20.04+, Mint 20+ (ETC)
|
|
###fi
|
|
|
|
# APRIL 2021 - ansible-base (2.10) was renamed to ansible-core (2.11+):
|
|
# https://www.ansible.com/blog/ansible-3.0.0-qa
|
|
# https://github.com/ansible/ansible/tags
|
|
# https://github.com/ansible/ansible/releases
|
|
# https://github.com/ansible/ansible/commits/stable-2.15
|
|
# https://github.com/ansible/ansible/blob/stable-2.15/changelogs/CHANGELOG-v2.15.rst
|
|
# https://github.com/ansible/ansible/commits/stable-2.14
|
|
# https://github.com/ansible/ansible/blob/stable-2.14/changelogs/CHANGELOG-v2.14.rst
|
|
# https://github.com/ansible/ansible/commits/stable-2.13
|
|
# https://github.com/ansible/ansible/blob/stable-2.13/changelogs/CHANGELOG-v2.13.rst
|
|
# https://github.com/ansible/ansible/commits/stable-2.12
|
|
# https://github.com/ansible/ansible/blob/stable-2.12/changelogs/CHANGELOG-v2.12.rst
|
|
# https://pypi.org/project/ansible-core/
|
|
# https://pypi.org/project/ansible-base/ (OLD)
|
|
# https://releases.ansible.com/ansible-core/ (OLD)
|
|
# https://releases.ansible.com/ansible-base/ (OLD)
|
|
# https://launchpad.net/~ansible
|
|
# https://launchpad.net/~ansible-gha
|
|
# https://launchpad.net/~ansible/+archive/ubuntu/ansible
|
|
# https://launchpad.net/~ansible/+archive/ubuntu/ansible-2.10 (OLD)
|
|
# http://ppa.launchpad.net/ansible/ansible/ubuntu/pool/main/a/ansible/ (OLD)
|
|
# http://ppa.launchpad.net/ansible/ansible/ubuntu/pool/main/a/ansible-core/
|
|
|
|
# FYI .travis.yml installs ansible-core in a slightly different way (PRs #2689 & #2743)
|
|
|
|
# IIAB implementers might instead consider these 4 GENERAL TECHNIQUES below
|
|
# ("in an emergency!") e.g. if apt fails & you need a newer/older Ansible:
|
|
|
|
# TEMPORARILY USE pip3 to install the latest ansible-core as listed at
|
|
# https://pypi.org/project/ansible-core/ (REMOVE W/ "pip3 uninstall ansible-core")
|
|
#apt install python3-pymysql python3-psycopg2 python3-passlib python3-pip python3-setuptools python3-packaging python3-venv virtualenv
|
|
#pip3 install --upgrade ansible-core # Then start a new shell, so /usr/local/bin works
|
|
#ansible-galaxy collection install -r collections.yml
|
|
|
|
# TEMPORARILY USE ansible-base 2.10.17 (REMOVE W/ "pip3 uninstall ansible-base")
|
|
#apt install python3-pip
|
|
#pip3 install ansible-base==2.10.17 # Start new shell, so /usr/local/bin works
|
|
|
|
# TEMPORARILY USE ANSIBLE 2.9.27 (REMOVE IT WITH "pip3 uninstall ansible")
|
|
#apt install python3-pip
|
|
#pip3 install ansible==2.9.27
|
|
|
|
# TEMPORARILY USE ANSIBLE 2.4.2 DUE TO 2.4.3 MEMORY BUG. Details: iiab/iiab#669
|
|
#echo "Install https://download.iiab.io/packages/ansible_2.4.2.0-1ppa~xenial_all.deb"
|
|
#cd /tmp
|
|
#wget https://download.iiab.io/packages/ansible_2.4.2.0-1ppa~xenial_all.deb
|
|
#apt -y --allow-downgrades install ./ansible_2.4.2.0-1ppa~xenial_all.deb
|
|
|
|
export DEBIAN_FRONTEND=noninteractive
|
|
# Why 'noninteractive' appears needed:
|
|
# https://github.com/iiab/iiab/issues/564#issuecomment-347264985
|
|
|
|
echo -e "\n\nYOU ARE RUNNING: /opt/iiab/iiab/scripts/ansible (TO INSTALL ANSIBLE ETC)\n"
|
|
#echo -e 'Alternative: /opt/iiab/iiab/scripts/ansible-2.9.x ("Slow Food")\n'
|
|
|
|
echo -e "RECOMMENDED PREREQUISITES:"
|
|
echo -e "(1) Verify you're online"
|
|
echo -e "(2) Remove all prior versions of Ansible using..."
|
|
echo -e " 'apt purge ansible-core' and/or 'pip3 uninstall ansible-core' and/or"
|
|
echo -e " 'apt purge ansible-base' and/or 'pip3 uninstall ansible-base' and/or"
|
|
echo -e " 'apt purge ansible' and/or 'pip3 uninstall ansible'"
|
|
echo -e "(3) Remove all lines containing 'ansible' from..."
|
|
echo -e " /etc/apt/sources.list and /etc/apt/sources.list.d/*\n"
|
|
|
|
echo -e "IIAB INSTALL INSTRUCTIONS: (OLDER, MANUAL APPROACH)"
|
|
echo -e "https://github.com/iiab/iiab/wiki/IIAB-Installation#do-everything-from-scratch\n"
|
|
|
|
if [ "$(command -v ansible)" ]; then # "command -v" is POSIX compliant; also catches built-in commands like "cd"
|
|
CURR_VER=$(ansible --version | head -1 | cut -f 2- -d " ")
|
|
# Above works with 'ansible [core 2.11.0rc2]' -- these old ways do not:
|
|
#CURR_VER=$(ansible --version | head -1 | awk '{print $2}')
|
|
#CURR_VER=$(ansible --version | head -1 | sed -e 's/.* //')
|
|
echo -e "CURRENTLY INSTALLED ANSIBLE: $CURR_VER -- LET'S TRY TO UPGRADE IT!"
|
|
else
|
|
echo -e "ANSIBLE NOT FOUND ON THIS COMPUTER -- LET'S TRY TO INSTALL IT!"
|
|
fi
|
|
echo -e "(Internet-in-a-Box requests ansible-core $GOOD_VER or higher)\n"
|
|
|
|
# Code above designed to work on all Linux distributions, to preserve options,
|
|
# in support of any volunteer(s) wanting to port IIAB to a new Linux/distro.
|
|
if [ ! -f /etc/debian_version ]; then # e.g. RasPiOS, Ubuntu, Mint & Debian
|
|
echo -e "\nEXITING: /etc/debian_version FILE NOT FOUND. Linux OS support info here:"
|
|
echo -e " https://github.com/iiab/iiab/wiki/IIAB-Platforms\n"
|
|
exit 1
|
|
fi
|
|
|
|
# 2021-04-26: JV & @holta WIP. The apt-key command is going away, and the past
|
|
# practice of putting keys in /etc/apt/trusted.gpg.d is considered insecure:
|
|
# https://www.linuxuprising.com/2021/01/apt-key-is-deprecated-how-to-add.html
|
|
# https://askubuntu.com/questions/1286545/what-commands-exactly-should-replace-the-deprecated-apt-key/1307181#1307181
|
|
# So we put .gpg key in repo iiab/iiab, also for reliable installs/containers.
|
|
|
|
#echo -e "\napt update; install dirmngr; PPA to /etc/apt/sources.list.d/iiab-ansible.list\n"
|
|
#$APT_PATH/apt update
|
|
#$APT_PATH/apt -y install dirmngr
|
|
#echo "deb http://ppa.launchpad.net/ansible/ansible/ubuntu $CODENAME main" \
|
|
###echo "deb [signed-by=/usr/share/keyrings/iiab-ansible-keyring.gpg] http://ppa.launchpad.net/ansible/ansible/ubuntu $CODENAME main" \
|
|
### > /etc/apt/sources.list.d/iiab-ansible.list
|
|
|
|
# 2022-11-09: ansible-core 2.12.10+ PPA works on 32-bit RasPiOS, until upstream wheels -> cryptography is fixed (PR #3421)
|
|
#echo "deb [signed-by=/usr/share/keyrings/iiab-ansible-keyring.gpg] http://ppa.launchpad.net/ansible/ansible/ubuntu focal main" \
|
|
# > /etc/apt/sources.list.d/iiab-ansible.list
|
|
|
|
# In future we might instead consider 'add-apt-repository ppa:ansible/ansible'
|
|
# or 'apt-add-repository ppa:ansible/bionic/ansible' etc, e.g. for streamlined
|
|
# removal using 'apt-add-repository -r' -- however that currently requires
|
|
# 'apt install software-properties-common' which drags in a dozen packages we
|
|
# might not want, e.g. unattended-upgrades, packagekit etc.
|
|
|
|
# 2020-08-20: TEMP WORKAROUND (REVERT TO ANSIBLE 2.9.6) MITIGATING
|
|
# iiab/iiab#2481 (Ansible 2.9.12 and 2.10.0's 666-TO-600 file permissions
|
|
# problem). This workaround installs 2.9.6-1ppa~disco onto RasPiOS, from
|
|
# https://launchpad.net/~ansible/+archive/ubuntu/ansible
|
|
#echo "deb http://ppa.launchpad.net/ansible/ansible/ubuntu disco main" \
|
|
# > /etc/apt/sources.list.d/iiab-ansible.list
|
|
|
|
# 2021-04-26: JV & @holta WIP: (see above)
|
|
#echo -e '\nIF YOU FACE ERROR "signatures couldn'"'"'t be verified because the public key is not available" THEN REPEATEDLY RE-RUN "sudo apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys 93C4A3FD7BB9C367"\n'
|
|
#apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys 93C4A3FD7BB9C367
|
|
###cp /opt/iiab/iiab/scripts/iiab-ansible-keyring.gpg /usr/share/keyrings/iiab-ansible-keyring.gpg
|
|
#chmod 644 /usr/share/keyrings/iiab-ansible-keyring.gpg
|
|
|
|
# 2022-11-09: ansible-core 2.12.10+ PPA works on 32-bit RasPiOS, until upstream wheels -> cryptography is fixed (PR #3421)
|
|
#cp /opt/iiab/iiab/scripts/iiab-ansible-keyring.gpg /usr/share/keyrings/iiab-ansible-keyring.gpg
|
|
|
|
###echo -e 'PPA source "deb [signed-by=/usr/share/keyrings/iiab-ansible-keyring.gpg] http://ppa.launchpad.net/ansible/ansible/ubuntu '$CODENAME' main"'
|
|
###echo -e "successfully saved to /etc/apt/sources.list.d/iiab-ansible.list\n"
|
|
###echo -e "IF *OTHER* ANSIBLE SOURCES APPEAR BELOW, PLEASE MANUALLY REMOVE THEM TO"
|
|
###echo -e 'ENSURE ANSIBLE UPDATES CLEANLY: (then re-run this script to be sure!)\n'
|
|
###grep '^deb .*ansible' /etc/apt/sources.list /etc/apt/sources.list.d/*.list | grep -v '^/etc/apt/sources.list.d/iiab-ansible.list:' || true # Override bash -e (instead of aborting at 1st error)
|
|
|
|
#echo -e "\napt update; apt install python3-pip # Also installs 'python3-setuptools' and 'python3' etc"
|
|
#echo -e "https://github.com/iiab/iiab/blob/master/scripts/ansible.md\n"
|
|
#$APT_PATH/apt update
|
|
#$APT_PATH/apt -y install python3-pip
|
|
|
|
# 2021-07-29:
|
|
# 'python3-packaging' dropped for now
|
|
# 'python3-pymysql' (drags in 'python3' which drags in 'python3-venv' on Debian 11 but not on Ubuntu 20.04) -- moved to roles/mysql/tasks/install.yml
|
|
# 'python3-psycopg2' moved to roles/postgresql/tasks/install.yml
|
|
# 'python3-passlib' moved to roles/munin/tasks/install.yml
|
|
# 'python3-venv' moved to roles/2-common/tasks/packages.yml
|
|
# 'virtualenv' for Python 2 moved to roles/kalite/tasks/install.yml
|
|
#
|
|
#$APT_PATH/apt -y install \
|
|
# python3-pymysql python3-psycopg2 python3-passlib python3-pip \
|
|
# python3-setuptools python3-packaging python3-venv virtualenv
|
|
|
|
#$APT_PATH/apt -y --allow-downgrades install ansible-core
|
|
|
|
# 2021-10-30: Using pip is messy, leaving behind cached files, so turn off pip
|
|
# cache system-wide before installing:
|
|
# https://stackoverflow.com/questions/9510474/removing-pips-cache/61762308#61762308
|
|
# https://github.com/iiab/iiab/pull/3022
|
|
#pip3 config --global set global.no-cache-dir false
|
|
|
|
#if ! uname -m | grep -q 64; then
|
|
# echo "2022-11-09: ansible-core 2.12.10+ PPA works on 32-bit RasPiOS, using /etc/apt/sources.list.d/iiab-ansible.list, until upstream wheels -> cryptography is fixed (PR #3421)"
|
|
# $APT_PATH/apt -y --allow-downgrades install ansible-core
|
|
# echo -e "\n\n'pip3 install cryptography==39.0.2' will now run:\n"
|
|
# pip3 install --break-system-packages cryptography==39.0.2 || pip3 install cryptography==39.0.2 # PR #3459 https://www.piwheels.org/project/cryptography/ -- WAS 37.0.4 which as of 2023-01-06 was the "latest compatible with ansible-core available via piwheels.org"
|
|
#fi
|
|
|
|
#echo -e "\n\n'pip3 install --upgrade ansible-core' will now run:\n" # REMINDER: ansible-core 2.12 (released 2021-11-08) requires Python >= 3.8
|
|
#pip3 install --break-system-packages --upgrade ansible-core || pip3 install --upgrade ansible-core # PR #3493: Revert to old syntax if pip < 23.0.1, as flag --break-system-packages (for Python 3.11+ / PEP 668) is brand new in Feb 2023: https://github.com/pypa/pip/pull/11780
|
|
|
|
echo -e "\napt update; apt install python3-venv"
|
|
$APT_PATH/apt update
|
|
$APT_PATH/apt -y install python3-venv
|
|
|
|
if [[ $(dpkg --print-architecture) == i386 ]]; then
|
|
# 2023-08-10: Quick+Dirty (BRUTE FORCE) on legacy 32-bit i386 avoids #3547
|
|
# rust/wheels/cryptography compiling mess! DEBIAN 12+ OR SIMILAR REQUIRED!
|
|
$APT_PATH/apt -y install ansible-core # Bookworm ~= ansible-core 2.14.3
|
|
else
|
|
# 2023-03-22: OS's like Ubuntu 23.04 and Debian 12 (e.g. with Python 3.11+) ask
|
|
# that virtual environments (venv) be used to safely isolate pip installs:
|
|
# https://peps.python.org/pep-0668
|
|
echo -e "\nCreate virtual environment for Ansible"
|
|
python3 -m venv /usr/local/ansible
|
|
|
|
# "if not ubuntu" (covers RasPiOS & Debian) would also work, but is overbroad:
|
|
# if ! grep -qi ubuntu /etc/os-release; then
|
|
#
|
|
# if [ -f /etc/rpi-issue ] && [[ $(dpkg --print-architecture) == armhf ]]; then
|
|
#
|
|
# 2023-03-24 #3547 similar to #3459 re: cryptography, piwheels, rust.
|
|
# Release problems chart: https://www.piwheels.org/project/cryptography/
|
|
# if ! dpkg --print-architecture | grep -q 64; then # 32-bit in general!
|
|
if [[ $(dpkg --print-architecture) == armhf ]]; then # 32-bit ARM
|
|
/usr/local/ansible/bin/python3 -m pip install cryptography==40.0.1
|
|
# else
|
|
# # 2023-08-10: 'apt install rustc pkg-config libssl-dev' was not enough!
|
|
# # So we use apt to install cryptography 38.0.4 for Debian 12.1 -- where
|
|
# # `dpkg --print-architecture` was i386 and `uname -m` was i686:
|
|
# $APT_PATH/apt -y install python3-cryptography
|
|
fi
|
|
|
|
# 2023-05-22: 2.14.6 was better than 2.15.0 for FreePBX (#3588, ansible/ansible#80863)
|
|
/usr/local/ansible/bin/python3 -m pip install --upgrade ansible-core
|
|
echo -e "\nCreate symlinks /usr/local/bin/ansible* -> /usr/local/ansible/bin/ansible*"
|
|
cd /usr/local/ansible/bin
|
|
for bin in ansible*; do
|
|
ln -sf /usr/local/ansible/bin/"$bin" /usr/local/bin/"$bin"
|
|
done
|
|
fi
|
|
|
|
# (Re)running collection installs appears safe, with --force-with-deps to force
|
|
# upgrade of collection and dependencies it pulls in. Note Ansible may support
|
|
# explicit upgrading of collections (--upgrade / -U flag) in version "2.11"
|
|
# with PR ansible/ansible#73336. See also IIAB PRs #2647 #2652 #2653 #2655.
|
|
echo -e "\n\nIIAB requires these ~4 Ansible Collections: (we upgrade them here if possible!)\n"
|
|
ansible-galaxy collection install --force-with-deps \
|
|
-r /opt/iiab/iiab/collections.yml \
|
|
-p /usr/share/ansible/collections
|
|
# 2021-02-24: 'ansible-galaxy collection list' lists those installed. (#2659)
|
|
# 2020-11-28: The ~3 Ansible Collections used by IIAB (~37MB) once lived here:
|
|
# /root/.ansible/collections/ansible_collections
|
|
# But going forward they'll be stored herein: [~24MB for 4 Collections as of 2021-05-19]
|
|
# /usr/share/ansible/collections/ansible_collections
|
|
|
|
# 2021-04-19: No longer needed, per PR #2743 testing
|
|
#echo -e "\n\nCreating/verifying directory /etc/ansible & installing /etc/ansible/hosts\n"
|
|
#mkdir -p /etc/ansible # LIKELY REDUNDANT, due to above installation of Ansible
|
|
#echo -e '[local]\nlocalhost\n' > /etc/ansible/hosts # LIKELY REDUNDANT, due to https://github.com/iiab/iiab/blob/master/ansible_hosts
|
|
|
|
echo -e "\n\nSUCCESS! PLEASE VERIFY ANSIBLE WITH COMMANDS LIKE:\n"
|
|
echo -e " ansible --version"
|
|
echo -e " /usr/local/ansible/bin/pip3 show ansible-core"
|
|
echo -e " pip3 show ansible-core"
|
|
echo -e ' apt -a list "ansible*"'
|
|
echo -e " ansible-galaxy collection list\n"
|
|
echo -e "WARNING: Start a new Linux shell, if it changed from /usr/bin to /usr/local/bin\n\n"
|