From 3ece8ebd5de11c0063c9d9cf03442644cf31dc9b Mon Sep 17 00:00:00 2001 From: Justin Rich Date: Mon, 9 Oct 2023 14:48:45 -0700 Subject: [PATCH 1/7] update for service monitor --- install-linux.sh | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/install-linux.sh b/install-linux.sh index 91a6b41..909aabb 100755 --- a/install-linux.sh +++ b/install-linux.sh @@ -173,6 +173,8 @@ do_rpm_install(){ if rpm -q cyral-sidecar > /dev/null 2>&1; then echo "Removing existing installation..." rpm -e --erase cyral-sidecar > /dev/null 2>&1 + rm -f "$(grep "discovery-database" /etc/cyral/cyral-service-monitor/config.yaml 2>/dev/null| awk '{print $2}')" + rm -f /etc/cyral/conf.d/sidecar.db fi echo "Installing sidecar..." rpm -U --force "${INSTALL_PACKAGE}" 2>/dev/null @@ -182,6 +184,8 @@ do_dpkg_install(){ if dpkg -s cyral-sidecar > /dev/null 2>&1; then echo "Removing existing installation..." dpkg -r cyral-sidecar > /dev/null 2>&1 + rm -f "$(grep "discovery-database" /etc/cyral/cyral-service-monitor/config.yaml 2>/dev/null| awk '{print $2}')" + rm -f /etc/cyral/conf.d/sidecar.db fi echo "Installing sidecar..." dpkg -i --force-all "${INSTALL_PACKAGE}" 2>/dev/null @@ -281,6 +285,7 @@ update_config_files () { sed -i "/^sidecar-id:/c\sidecar-id: \"${CYRAL_SIDECAR_ID}\"" /etc/cyral/cyral-pg-wire/config.yaml sed -i "/^sidecar-id:/c\sidecar-id: \"${CYRAL_SIDECAR_ID}\"" /etc/cyral/cyral-s3-wire/config.yaml sed -i "/^sidecar-id:/c\sidecar-id: \"${CYRAL_SIDECAR_ID}\"" /etc/cyral/cyral-certificate-manager/config.yaml + sed -i "/^sidecar-id:/c\sidecar-id: \"${CYRAL_SIDECAR_ID}\"" /etc/cyral/cyral-service-monitor/config.yaml sed -i "/^sidecar-id:/c\sidecar-id: \"${CYRAL_SIDECAR_ID}\"" /etc/cyral/cyral-dynamodb-wire/config.yaml sed -i "/^SIDECAR_ID=/c\SIDECAR_ID=\"${CYRAL_SIDECAR_ID}\"" /etc/default/cyral-sidecar-exporter sed -i "/^CYRAL_PUSH_CLIENT_FQDN=/c\CYRAL_PUSH_CLIENT_FQDN=\"${CYRAL_SIDECAR_ID}\"" /etc/default/cyral-push-client 
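Review bot: In do_rpm_install the discovery-database path is read from /etc/cyral/cyral-service-monitor/config.yaml only after `rpm -e` has run, so if package removal deletes that file the grep returns nothing and the old database is left behind; the `dpkg -r` hunk in do_dpkg_install has the same ordering. The extracted value also reaches `rm -f` unchecked: the unanchored `grep "discovery-database"` can match a comment or more than one line, and a YAML-quoted value keeps its quotes through `awk '{print $2}'`. Read the path before the uninstall and delete only a non-empty absolute path, e.g. `db=$(awk '/^discovery-database:/ {print $2; exit}' "$cfg" 2>/dev/null)` followed by `case "$db" in /*) rm -f -- "$db" ;; esac` (this assumes the key sits at column 0 like the other keys the script edits). Both function bodies continue outside the hunks.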
From 1b13383aaf98ca9174ca03a29c0bdcdd9159a382 Mon Sep 17 00:00:00 2001 From: Justin Rich Date: Mon, 30 Oct 2023 09:50:46 -0700 Subject: [PATCH 2/7] minor refactor --- install-linux.sh | 127 +++++++++++++++++++++++------------------------ 1 file changed, 61 insertions(+), 66 deletions(-) diff --git a/install-linux.sh b/install-linux.sh index 909aabb..a76ffad 100755 --- a/install-linux.sh +++ b/install-linux.sh @@ -11,16 +11,6 @@ get_os_type () { echo "$detected_os" } -define_route () { - if [ "$1" = "ubuntu" ]; then - ROUTE="deb" - else - ROUTE="rpm" - fi - - BINARIES_NAME=cyral-sidecar.$ROUTE -} - # This is our usage details print_usage () { echo " @@ -139,37 +129,9 @@ get_os_major_version_id () { echo "$detected_version_id" } -# Check to make sure we support the Linux version -# For now, these are checks for known incompatible versions -check_os_version () { - OS_VERSION="$(get_os_major_version_id)" - # Check for OracleLinux less than 8.x - if [ "$1" = "ol" ] && [ "$OS_VERSION" -lt 8 ]; then - install_error "Unsupported OracleLinux Version: Detected Version < 8.x" - fi -} - -# This is to perform installation tasks specific to Ubuntu / Debian -install_ubuntu () { - echo "Doing an Ubuntu Install" - sleep 2 - do_dpkg_install -} - -# This is to perform installation tasks specific to Red Hat / CentOS -install_rhel () { - echo "Doing a Red Hat Install" - sleep 2 - do_rpm_install -} - -install_amzn () { - echo "Doing a Amazon Linux Install" - sleep 2 - do_rpm_install -} - do_rpm_install(){ + get_package "rpm" + sleep 2 if rpm -q cyral-sidecar > /dev/null 2>&1; then echo "Removing existing installation..." rpm -e --erase cyral-sidecar > /dev/null 2>&1 @@ -181,6 +143,8 @@ do_rpm_install(){ } do_dpkg_install(){ + get_package "deb" + sleep 2 if dpkg -s cyral-sidecar > /dev/null 2>&1; then echo "Removing existing installation..." dpkg -r cyral-sidecar > /dev/null 2>&1 
@@ -194,16 +158,26 @@ do_dpkg_install(){ # Perform an install of the sidecar package do_install () { if [ "$1" = "rhel" ]; then - install_rhel + echo "Doing a Red Hat Install" + do_rpm_install elif [ "$1" = "ubuntu" ]; then - install_ubuntu + echo "Doing an Ubuntu Install" + do_dpkg_install elif [ "$1" = "centos" ]; then - install_rhel + echo "Doing a Centos Install" + do_rpm_install elif [ "$1" = "amzn" ]; then - install_amzn - elif [ "$1" = "ol" ]; then - check_os_version "$1" - install_rhel + echo "Doing a Amazon Linux Install" + do_rpm_install + elif [ "$1" = "rocky" ]; then # rocky - cent based + echo "Doing a Rocky Linux Install" + do_rpm_install + elif [ "$1" = "ol" ]; then # oracle + OS_VERSION="$(get_os_major_version_id)" + if [ "$OS_VERSION" -lt 8 ]; then + install_error "Unsupported OracleLinux Version: Detected Version < 8.x" + fi + do_rpm_install else install_error "Unsupported Platform" fi 
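Review bot: In the `ol` branch, `[ "$OS_VERSION" -lt 8 ]` fails open: if get_os_major_version_id returns an empty or non-numeric string, `[` reports an error, the test evaluates false, and the install proceeds on a version that was never verified. Reject that case first, e.g. `case "$OS_VERSION" in ''|*[!0-9]*) install_error "Could not determine OracleLinux version" ;; esac`. As a style point, the six-way `if`/`elif` chain on `$1` would read more clearly as a single `case "$1" in` statement.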
@@ -273,24 +247,37 @@ update_config_files () { sed -i "/^http-gateway-address:/c\http-gateway-address: \"${CYRAL_CONTROL_PLANE}:$CYRAL_CONTROL_PLANE_HTTPS_PORT\"" /etc/cyral/cyral-forward-proxy/config.yaml sed -i "/^token-url:/c\token-url: \"https://${CYRAL_CONTROL_PLANE}:$CYRAL_CONTROL_PLANE_HTTPS_PORT/v1/users/oidc/token\"" /etc/cyral/cyral-forward-proxy/config.yaml - sed -i "/^sidecar-id:/c\sidecar-id: \"${CYRAL_SIDECAR_ID}\"" /etc/cyral/cyral-forward-proxy/config.yaml - sed -i "/^sidecar-id:/c\sidecar-id: \"${CYRAL_SIDECAR_ID}\"" /etc/cyral/cyral-authenticator/config.yaml - sed -i "/^sidecar-id:/c\sidecar-id: \"${CYRAL_SIDECAR_ID}\"" /etc/cyral/cyral-sqlserver-wire/config.yaml - sed -i "/^sidecar-id:/c\sidecar-id: \"${CYRAL_SIDECAR_ID}\"" /etc/cyral/cyral-oracle-wire/config.yaml - sed -i "/^sidecar-id:/c\sidecar-id: \"${CYRAL_SIDECAR_ID}\"" /etc/cyral/cyral-alerter/config.yaml - sed -i "/^sidecar-id:/c\sidecar-id: \"${CYRAL_SIDECAR_ID}\"" /etc/cyral/cyral-dispatcher/config.yaml - sed -i "/^sidecar-id:/c\sidecar-id: \"${CYRAL_SIDECAR_ID}\"" /etc/cyral/cyral-dremio-wire/config.yaml - sed -i "/^sidecar-id:/c\sidecar-id: \"${CYRAL_SIDECAR_ID}\"" /etc/cyral/cyral-mongodb-wire/config.yaml - sed -i "/^sidecar-id:/c\sidecar-id: \"${CYRAL_SIDECAR_ID}\"" /etc/cyral/cyral-mysql-wire/config.yaml - sed -i "/^sidecar-id:/c\sidecar-id: \"${CYRAL_SIDECAR_ID}\"" /etc/cyral/cyral-pg-wire/config.yaml - sed -i "/^sidecar-id:/c\sidecar-id: \"${CYRAL_SIDECAR_ID}\"" /etc/cyral/cyral-s3-wire/config.yaml - sed -i "/^sidecar-id:/c\sidecar-id: \"${CYRAL_SIDECAR_ID}\"" /etc/cyral/cyral-certificate-manager/config.yaml - sed -i "/^sidecar-id:/c\sidecar-id: \"${CYRAL_SIDECAR_ID}\"" /etc/cyral/cyral-service-monitor/config.yaml - sed -i "/^sidecar-id:/c\sidecar-id: \"${CYRAL_SIDECAR_ID}\"" /etc/cyral/cyral-dynamodb-wire/config.yaml + + for config_file in /etc/cyral/*/config.yaml; do + sed -i "/^sidecar-id:/c\sidecar-id: \"${CYRAL_SIDECAR_ID}\"" "$config_file" + done + sed -i 
"/^SIDECAR_ID=/c\SIDECAR_ID=\"${CYRAL_SIDECAR_ID}\"" /etc/default/cyral-sidecar-exporter sed -i "/^CYRAL_PUSH_CLIENT_FQDN=/c\CYRAL_PUSH_CLIENT_FQDN=\"${CYRAL_SIDECAR_ID}\"" /etc/default/cyral-push-client - sed -i "/^sidecar-version:/c\sidecar-version: \"${CYRAL_SIDECAR_VERSION}\"" /etc/cyral/cyral-sidecar-exporter/config.yaml + + if [ -f "/etc/cyral/cyral-sidecar-exporter/config.yaml" ]; then + sed -i "/^sidecar-version:/c\sidecar-version: \"${CYRAL_SIDECAR_VERSION}\"" /etc/cyral/cyral-sidecar-exporter/config.yaml + fi + + # Configure service monitor + if [ -f "/etc/cyral/cyral-service-monitor/config.yaml" ]; then + + if [ -n "$PRIMARY_IP" ]; then + primary_ip="$PRIMARY_IP" + else + # Attempt to get the primary IP address using hostname -I + if ! primary_ip=$(hostname -I | awk '{print $1}'); then + # If hostname -I fails, try ifconfig + if ! primary_ip=$(ifconfig | awk '/inet / {print $2; exit}' | cut -d':' -f2); then + primary_ip="No_IP" + fi + fi + fi + + sed -i "/^instance-id:/c\instance-id: \"${primary_ip}\"" /etc/cyral/cyral-service-monitor/config.yaml + sed -i "/^sidecar-version:/c\sidecar-version: \"${CYRAL_SIDECAR_VERSION}\"" /etc/cyral/cyral-service-monitor/config.yaml + fi # Fixes for multiple services using the same repo sed -i "/^metrics-port:/c\metrics-port: 9038" /etc/cyral/cyral-dynamodb-wire/config.yaml @@ -380,6 +367,16 @@ generate_post_data () { EOF } +get_package () { + if [ -z "$INSTALL_PACKAGE" ] ; then + ROUTE=$1 + BINARIES_NAME=cyral-sidecar.$ROUTE + download_package + else + echo "Using provided package $INSTALL_PACKAGE" + fi +} + download_package () { echo "Getting access to the Control Plane" @@ -482,7 +479,7 @@ if ! command -v jq &> /dev/null; then fi OS_TYPE="$(get_os_type)" -define_route "$OS_TYPE" + # Handle the arguments that were provided while test $# -gt 0; do @@ -498,8 +495,6 @@ done get_config -if [ -z "$INSTALL_PACKAGE" ] ; then - download_package -fi + do_install "$OS_TYPE" 
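Review bot: The fallback chain for `primary_ip` cannot fire unless `pipefail` is set somewhere outside this hunk: `if ! primary_ip=$(hostname -I | awk '{print $1}')` tests the pipeline's exit status, which is awk's, and awk succeeds even when `hostname -I` fails or prints nothing. The result is an empty `instance-id: ""` rather than the `ifconfig` value or `No_IP`. Test the captured value for emptiness instead, as sketched below. PATCH 3/7 and PATCH 4/7 carry the same construct forward with `SIDECAR_INSTANCE_ID` and `instance_id`. Separately, the new `for config_file in /etc/cyral/*/config.yaml` loop runs sed on the literal pattern when nothing matches; `[ -f "$config_file" ] || continue` would cover that.

```shell
    else
      # … unchanged: comment about hostname -I …
      primary_ip=$(hostname -I 2>/dev/null | awk '{print $1}')
      if [ -z "$primary_ip" ]; then
        # hostname -I unavailable or empty: fall back to ifconfig
        primary_ip=$(ifconfig 2>/dev/null | awk '/inet / {print $2; exit}' | cut -d':' -f2)
      fi
      # Neither tool produced an address
      [ -n "$primary_ip" ] || primary_ip="No_IP"
    fi
```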
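Review bot: get_package has no header comment, and it hands its result to download_package through the globals `ROUTE` and `BINARIES_NAME`, which is easy to miss now that define_route is gone. A comment such as `# get_package <rpm|deb>: sets ROUTE/BINARIES_NAME and downloads the package unless INSTALL_PACKAGE is already set` would document that. When `INSTALL_PACKAGE` is supplied the path is used as given; an `[ -r "$INSTALL_PACKAGE" ] || install_error "Cannot read $INSTALL_PACKAGE"` check here would fail earlier and more clearly than rpm/dpkg, whose stderr the install functions discard with `2>/dev/null`.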
From cee79b5a06b4201571602a8fb34402ac52a626c4 Mon Sep 17 00:00:00 2001 From: Justin Rich Date: Tue, 31 Oct 2023 11:03:45 -0700 Subject: [PATCH 3/7] add instance id control --- install-linux.sh | 17 +++++++++++------ 1 file changed, 11 insertions(+), 6 deletions(-) diff --git a/install-linux.sh b/install-linux.sh index a76ffad..fc23d74 100755 --- a/install-linux.sh +++ b/install-linux.sh @@ -263,8 +263,8 @@ update_config_files () { # Configure service monitor if [ -f "/etc/cyral/cyral-service-monitor/config.yaml" ]; then - if [ -n "$PRIMARY_IP" ]; then - primary_ip="$PRIMARY_IP" + if [ -n "$SIDECAR_INSTANCE_ID" ]; then + primary_ip="$SIDECAR_INSTANCE_ID" else # Attempt to get the primary IP address using hostname -I if ! primary_ip=$(hostname -I | awk '{print $1}'); then @@ -276,12 +276,17 @@ update_config_files () { fi sed -i "/^instance-id:/c\instance-id: \"${primary_ip}\"" /etc/cyral/cyral-service-monitor/config.yaml - sed -i "/^sidecar-version:/c\sidecar-version: \"${CYRAL_SIDECAR_VERSION}\"" /etc/cyral/cyral-service-monitor/config.yaml + sed -i "/^deployed-version:/c\deployed-version: \"${CYRAL_SIDECAR_VERSION}\"" /etc/cyral/cyral-service-monitor/config.yaml fi # Fixes for multiple services using the same repo - sed -i "/^metrics-port:/c\metrics-port: 9038" /etc/cyral/cyral-dynamodb-wire/config.yaml - sed -i "/^metrics-port:/c\metrics-port: 9024" /etc/cyral/cyral-s3-wire/config.yaml + if [ -f "/etc/cyral/cyral-dynamodb-wire/config.yaml" ]; then + sed -i "/^metrics-port:/c\metrics-port: 9038" /etc/cyral/cyral-dynamodb-wire/config.yaml + fi + + if [ -f "/etc/cyral/cyral-s3-wire/config.yaml" ]; then + sed -i "/^metrics-port:/c\metrics-port: 9024" /etc/cyral/cyral-s3-wire/config.yaml + fi # Just in case tls is disabled we'll force it enabled sed -i "/^tls-type:/c\tls-type: \"tls\"" /etc/cyral/cyral-forward-proxy/config.yaml 
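Review bot: `SIDECAR_INSTANCE_ID` is copied from the environment into the `sed ... c\` replacement for `instance-id:` without validation, so a value containing `"`, a backslash or a newline produces a malformed or multi-line config.yaml entry. A character check before use is cheap, e.g. `case "$SIDECAR_INSTANCE_ID" in *[!A-Za-z0-9._:-]*) install_error "Invalid SIDECAR_INSTANCE_ID" ;; esac`, with the allowed set adjusted to what the service monitor accepts. If print_usage lists the supported environment variables, the new name should be added there as well. update_config_files starts and ends outside the hunk.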
@@ -404,7 +409,7 @@ download_package () { echo "Error: Status code $DOWNLOAD_STATUS when downloading binaries" exit 1 else - echo "Binaries were downloaded correctly." + echo "Binaries were successfully downloaded." fi INSTALL_PACKAGE=$BINARIES_NAME } From 7e135b2b29ee14524efb3bd57c55d522fbbd0198 Mon Sep 17 00:00:00 2001 From: Justin Rich Date: Thu, 2 Nov 2023 12:52:53 -0700 Subject: [PATCH 4/7] refactor structure --- install-linux.sh | 119 +++++++++++++++++++---------------------------- 1 file changed, 49 insertions(+), 70 deletions(-) diff --git a/install-linux.sh b/install-linux.sh index fc23d74..eb06f22 100755 --- a/install-linux.sh +++ b/install-linux.sh 
@@ -93,35 +93,6 @@ install_error () { exit 2 } -pre_update_tasks () { # double check echos - # We need some additional configuration values in the exporter config.yaml - if ! grep -q sidecar-id /etc/cyral/cyral-sidecar-exporter/config.yaml; then - echo "sidecar-id:" >> /etc/cyral/cyral-sidecar-exporter/config.yaml - fi - - if ! grep -q controlplane-host /etc/cyral/cyral-sidecar-exporter/config.yaml; then - echo "controlplane-host: localhost" >> /etc/cyral/cyral-sidecar-exporter/config.yaml - fi - - if ! grep -q controlplane-port /etc/cyral/cyral-sidecar-exporter/config.yaml; then - echo "controlplane-port: 8068" >> /etc/cyral/cyral-sidecar-exporter/config.yaml - fi - -} - -post_update_tasks () { - # The port is wrong here so it needs to be corrected - sed -i "s/8050/8069/" /etc/default/cyral-push-client - - # We need to add a sleep in the push proxy service file so it doesn't come up before the forward proxy connects - # TODO :: Figure out proper way to do this in the push-client repo - sed -i "/^ExecStartPre=/c\ExecStartPre=/bin/sh -c \"/bin/touch /var/log/cyral/cyral-push-client.log;/bin/sleep 60\"" /usr/lib/systemd/system/cyral-push-client.service - - # Making sure we add in our file descriptor limits to the wires and dispatcher - ENG-8504 - sed -i '/^\[Service\]/a LimitNOFILE=65535' /usr/lib/systemd/system/cyral-dispatcher.service - sed -i '/^\[Service\]/a LimitNOFILE=65535' /usr/lib/systemd/system/cyral-*wire.service -} - # This is to check the /etc/ directory for any "release" related files to find the Linux distribution version get_os_major_version_id () { local detected_version_id 
@@ -239,7 +210,32 @@ update_config_files () { local META_STRING="\{${SPECIAL_QUOTE}clientId${SPECIAL_QUOTE}:${SPECIAL_QUOTE}${CYRAL_SIDECAR_CLIENT_ID_CLEAN}${SPECIAL_QUOTE},${SPECIAL_QUOTE}clientSecret${SPECIAL_QUOTE}:${SPECIAL_QUOTE}${CYRAL_SIDECAR_CLIENT_SECRET}${SPECIAL_QUOTE}\}" - pre_update_tasks + seconfig="/etc/cyral/cyral-sidecar-exporter/config.yaml" + if [ -f "$seconfig" ]; then + # We need to remove the CYRAL_SIDECAR_EXPORTER_ from the beginning of the env vars in cyral-sidecar-exporter + sed -i "s/^CYRAL_SIDECAR_EXPORTER_//" /etc/default/cyral-sidecar-exporter + sed -i "/^SIDECAR_ID=/c\SIDECAR_ID=\"${CYRAL_SIDECAR_ID}\"" /etc/default/cyral-sidecar-exporter + + sed -i "s/^controlplane_host:/controlplane-host:/" "$seconfig" + sed -i "s/^controlplane_port:/controlplane-port:/" "$seconfig" + + if ! grep -q sidecar-id "$seconfig"; then + echo "sidecar-id:" >> "$seconfig" + fi + + if ! grep -q controlplane-host "$seconfig"; then + echo "controlplane-host: localhost" >> "$seconfig" + fi + + if ! grep -q controlplane-port "$seconfig"; then + echo "controlplane-port: 8068" >> "$seconfig" + fi + sed -i "/^sidecar-version:/c\sidecar-version: \"${CYRAL_SIDECAR_VERSION}\"" "$seconfig" + fi + + # Forward Proxy Config + # Just in case tls is disabled we'll force it enabled + sed -i "/^tls-type:/c\tls-type: \"tls\"" /etc/cyral/cyral-forward-proxy/config.yaml sed -i "/^secret-manager-type:/c\secret-manager-type: \"direct\"" /etc/cyral/cyral-forward-proxy/config.yaml sed -i "/^secret-manager-meta:/c\secret-manager-meta: \"${META_STRING}\"" /etc/cyral/cyral-forward-proxy/config.yaml 
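Review bot: The new `if [ -f "$seconfig" ]` guard tests /etc/cyral/cyral-sidecar-exporter/config.yaml, but the first two `sed -i` calls inside it edit /etc/default/cyral-sidecar-exporter, so `SIDECAR_ID` is not updated when only the defaults file exists and sed errors when only the YAML file exists. Guard each file on its own existence. `seconfig` should also be declared `local` like `META_STRING` just above it, and the `grep -q sidecar-id` style checks would be safer anchored, e.g. `grep -q '^sidecar-id:' "$seconfig"`, so that a comment or a longer key name does not suppress the append. update_config_files continues outside the hunk.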
@@ -247,52 +243,56 @@ update_config_files () { sed -i "/^http-gateway-address:/c\http-gateway-address: \"${CYRAL_CONTROL_PLANE}:$CYRAL_CONTROL_PLANE_HTTPS_PORT\"" /etc/cyral/cyral-forward-proxy/config.yaml sed -i "/^token-url:/c\token-url: \"https://${CYRAL_CONTROL_PLANE}:$CYRAL_CONTROL_PLANE_HTTPS_PORT/v1/users/oidc/token\"" /etc/cyral/cyral-forward-proxy/config.yaml - + # apply to all for config_file in /etc/cyral/*/config.yaml; do sed -i "/^sidecar-id:/c\sidecar-id: \"${CYRAL_SIDECAR_ID}\"" "$config_file" done - sed -i "/^SIDECAR_ID=/c\SIDECAR_ID=\"${CYRAL_SIDECAR_ID}\"" /etc/default/cyral-sidecar-exporter - sed -i "/^CYRAL_PUSH_CLIENT_FQDN=/c\CYRAL_PUSH_CLIENT_FQDN=\"${CYRAL_SIDECAR_ID}\"" /etc/default/cyral-push-client + # Push Client Config + if [ -f "/etc/default/cyral-push-client" ]; then + sed -i "/^ExecStartPre=/c\ExecStartPre=/bin/sh -c \"/bin/touch /var/log/cyral/cyral-push-client.log;/bin/sleep 30\"" /usr/lib/systemd/system/cyral-push-client.service + sed -i "/^ExecStartPre=/c\ExecStartPre=/bin/sh -c \"/bin/touch /var/log/cyral/cyral-push-client.log;/bin/sleep 60\"" /usr/lib/systemd/system/cyral-push-client.service + # We need to get rid of the CYRAL_PUSH_CLIENT_STORAGE_ from push-client + sed -i "s/^CYRAL_PUSH_CLIENT_STORAGE_//" /etc/default/cyral-push-client + sed -i "/^CYRAL_PUSH_CLIENT_FQDN=/c\CYRAL_PUSH_CLIENT_FQDN=\"${CYRAL_SIDECAR_ID}\"" /etc/default/cyral-push-client + # fix legacy ports + sed -i "s/8050/8069/" /etc/default/cyral-push-client - - if [ -f "/etc/cyral/cyral-sidecar-exporter/config.yaml" ]; then - sed -i "/^sidecar-version:/c\sidecar-version: \"${CYRAL_SIDECAR_VERSION}\"" /etc/cyral/cyral-sidecar-exporter/config.yaml fi - - # Configure service monitor + + # Service Monitor Config if [ -f "/etc/cyral/cyral-service-monitor/config.yaml" ]; then if [ -n "$SIDECAR_INSTANCE_ID" ]; then - primary_ip="$SIDECAR_INSTANCE_ID" + instance_id="$SIDECAR_INSTANCE_ID" else # Attempt to get the primary IP address using hostname -I - if ! 
primary_ip=$(hostname -I | awk '{print $1}'); then + if ! instance_id=$(hostname -I | awk '{print $1}'); then # If hostname -I fails, try ifconfig - if ! primary_ip=$(ifconfig | awk '/inet / {print $2; exit}' | cut -d':' -f2); then - primary_ip="No_IP" + if ! instance_id=$(ifconfig | awk '/inet / {print $2; exit}' | cut -d':' -f2); then + instance_id="No_IP" fi fi fi - sed -i "/^instance-id:/c\instance-id: \"${primary_ip}\"" /etc/cyral/cyral-service-monitor/config.yaml + sed -i "/^instance-id:/c\instance-id: \"${instance_id}\"" /etc/cyral/cyral-service-monitor/config.yaml sed -i "/^deployed-version:/c\deployed-version: \"${CYRAL_SIDECAR_VERSION}\"" /etc/cyral/cyral-service-monitor/config.yaml fi + # Wire Specific additional configs # Fixes for multiple services using the same repo if [ -f "/etc/cyral/cyral-dynamodb-wire/config.yaml" ]; then sed -i "/^metrics-port:/c\metrics-port: 9038" /etc/cyral/cyral-dynamodb-wire/config.yaml fi - + if [ -f "/etc/cyral/cyral-s3-wire/config.yaml" ]; then sed -i "/^metrics-port:/c\metrics-port: 9024" /etc/cyral/cyral-s3-wire/config.yaml fi - - # Just in case tls is disabled we'll force it enabled - sed -i "/^tls-type:/c\tls-type: \"tls\"" /etc/cyral/cyral-forward-proxy/config.yaml - + # Making sure we add in our file descriptor limits to the wires and dispatcher - ENG-8504 + sed -i '/^\[Service\]/a LimitNOFILE=65535' /usr/lib/systemd/system/cyral-*wire.service + sed -i '/^\[Service\]/a LimitNOFILE=65535' /usr/lib/systemd/system/cyral-dispatcher.service set_advanced_config - post_update_tasks + } disable_unsupported_services () { 
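Review bot: In the push-client block the two consecutive `sed -i "/^ExecStartPre=/c\..."` lines rewrite the same line of cyral-push-client.service, so the `sleep 30` variant is dead and only `sleep 60` survives; drop the first. The block is guarded on /etc/default/cyral-push-client while those two commands edit the unit file under /usr/lib/systemd/system, a different file that may be absent. The `LimitNOFILE=65535` lines use sed's `a` command unconditionally, so every installer run appends another copy after `[Service]`; a guard such as `grep -q '^LimitNOFILE=' "$unit" ||` in front of each would make the edit idempotent.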
@@ -326,27 +326,9 @@ restart_services () { (cd /;systemctl restart cyral-*) # without this it will use the filenames local to it } -# TODO :: Remove this once Epic complete -pre_epic_tasks () { - # We need to remove the CYRAL_SIDECAR_EXPORTER_ from the beginning of the env vars in cyral-sidecar-exporter - sed -i "s/^CYRAL_SIDECAR_EXPORTER_//" /etc/default/cyral-sidecar-exporter - - # We need to add a sleep in the push proxy service file so it doesn't come up before the forward proxy connects - # TODO :: Figure out proper way to do this in the push-client repo - sed -i "/^ExecStartPre=/c\ExecStartPre=/bin/sh -c \"/bin/touch /var/log/cyral/cyral-push-client.log;/bin/sleep 30\"" /usr/lib/systemd/system/cyral-push-client.service - - # Need to fix the variable for control plane host and port Ref, ENG-7352 - sed -i "s/^controlplane_host:/controlplane-host:/" /etc/cyral/cyral-sidecar-exporter/config.yaml - sed -i "s/^controlplane_port:/controlplane-port:/" /etc/cyral/cyral-sidecar-exporter/config.yaml - - # We need to get rid of the CYRAL_PUSH_CLIENT_STORAGE_ from push-client - sed -i "s/^CYRAL_PUSH_CLIENT_STORAGE_//" /etc/default/cyral-push-client -} - # Perform all Post Installation Tasks do_post_install () { echo "Running Post Install Tasks..." - pre_epic_tasks if [ -n "$CYRAL_REPOSITORIES_SUPPORTED" ]; then disable_unsupported_services fi @@ -499,7 +481,4 @@ while test $# -gt 0; do done get_config - - - do_install "$OS_TYPE" From 33944572c4e1c4d9c0101d02706bebc993796770 Mon Sep 17 00:00:00 2001 From: Justin Rich Date: Fri, 3 Nov 2023 10:36:18 -0700 Subject: [PATCH 5/7] tweak for stability --- install-linux.sh | 1 + 1 file changed, 1 insertion(+) diff --git a/install-linux.sh b/install-linux.sh index eb06f22..5bbdfd5 100755 --- a/install-linux.sh +++ b/install-linux.sh @@ -333,6 +333,7 @@ do_post_install () { disable_unsupported_services fi update_config_files + sleep 3 # some os's (ubuntu) seem to have a problem if this is too quick restart_services } 
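Review bot: The added `sleep 3` covers a timing problem that its comment does not identify, so nobody can later tell whether the delay is still needed or long enough. update_config_files edits unit files under /usr/lib/systemd/system, and systemd normally needs `systemctl daemon-reload` before a restart picks such edits up; restart_services is mostly outside this hunk, so confirm whether it already does that. At minimum, extend the comment to name the failing symptom, e.g. `# ubuntu: systemctl restart fails with <symptom> if run immediately after the config edits`.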
From e26c8e014ab5dd488d916743707caa4209d79c7e Mon Sep 17 00:00:00 2001 From: gabriel Date: Wed, 24 Jan 2024 21:09:03 -0300 Subject: [PATCH 6/7] Update rpm/deb download link --- install-linux.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/install-linux.sh b/install-linux.sh index 5bbdfd5..01d26da 100755 --- a/install-linux.sh +++ b/install-linux.sh @@ -386,7 +386,7 @@ download_package () { fi echo "Downloading the binaries" - DOWNLOAD_STATUS=$(curl --write-out "%{http_code}" "https://$CYRAL_CONTROL_PLANE:$CYRAL_CONTROL_PLANE_HTTPS_PORT/v1/templates/download/$ROUTE/$CYRAL_SIDECAR_VERSION" -H "authorization: Bearer $ACCESS_TOKEN" --output $BINARIES_NAME) + DOWNLOAD_STATUS=$(curl --write-out "%{http_code}" "public.cyral.com/packages/$CYRAL_SIDECAR_VERSION/x86-64/$ROUTE/sidecar.$ROUTE" --output $BINARIES_NAME) if [[ "$DOWNLOAD_STATUS" -ne 200 ]] ; then echo "Error: Status code $DOWNLOAD_STATUS when downloading binaries" From 4e3f4d5a173e684c6fc6e84b44ee973c9fbab319 Mon Sep 17 00:00:00 2001 From: gabriel Date: Fri, 26 Jan 2024 15:57:03 -0300 Subject: [PATCH 7/7] Update download binaries flow --- install-linux.sh | 51 +++++++++++++++++++++++++++--------------------- 1 file changed, 29 insertions(+), 22 deletions(-) diff --git a/install-linux.sh b/install-linux.sh index 01d26da..cb5f72f 100755 --- a/install-linux.sh +++ b/install-linux.sh 
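Review bot: The new download URL has no scheme, and curl treats a scheme-less URL as `http://`, so the package is fetched in cleartext and then handed to `rpm -U --force` / `dpkg -i --force-all`; anything on the network path can alter the file. Use `"https://public.cyral.com/packages/$CYRAL_SIDECAR_VERSION/x86-64/$ROUTE/sidecar.$ROUTE"`, add `--fail --proto '=https'`, and quote `--output "$BINARIES_NAME"`. Because this source no longer requires the bearer token, an integrity check before installation (a published checksum or the package signature, if one exists) would be worth adding. The path hard-codes `x86-64`, so a host of another architecture would presumably get the wrong package or a 404. PATCH 7/7 keeps the same scheme-less URL in its rewritten download_package.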
@@ -366,34 +366,41 @@ get_package () { } download_package () { - echo "Getting access to the Control Plane" + echo "Downloading the binaries" + + DOWNLOAD_STATUS=$(curl --write-out "%{http_code}" "public.cyral.com/packages/$CYRAL_SIDECAR_VERSION/x86-64/$ROUTE/sidecar.$ROUTE" --output $BINARIES_NAME) - if ! TOKEN=$(curl --fail --silent --request POST "https://$CYRAL_CONTROL_PLANE:$CYRAL_CONTROL_PLANE_HTTPS_PORT/v1/users/oidc/token" -d grant_type=client_credentials -d client_id="$CYRAL_SIDECAR_CLIENT_ID" -d client_secret="$CYRAL_SIDECAR_CLIENT_SECRET" 2>&1) ; then - #attempt with previous ports - CYRAL_CONTROL_PLANE_HTTPS_PORT=8000 - CYRAL_CONTROL_PLANE_GRPC_PORT=9080 + if [[ "$DOWNLOAD_STATUS" -ne 200 ]] ; then + echo "Couldn't find binaries in public location. Status code $DOWNLOAD_STATUS when downloading binaries. Using Control Plane instead." + + echo "Getting access to the Control Plane" + if ! TOKEN=$(curl --fail --silent --request POST "https://$CYRAL_CONTROL_PLANE:$CYRAL_CONTROL_PLANE_HTTPS_PORT/v1/users/oidc/token" -d grant_type=client_credentials -d client_id="$CYRAL_SIDECAR_CLIENT_ID" -d client_secret="$CYRAL_SIDECAR_CLIENT_SECRET" 2>&1) ; then - echo "Failed to retrieve control plane token." - echo "$TOKEN" - exit 1 + #attempt with previous ports + CYRAL_CONTROL_PLANE_HTTPS_PORT=8000 + CYRAL_CONTROL_PLANE_GRPC_PORT=9080 + if ! TOKEN=$(curl --fail --silent --request POST "https://$CYRAL_CONTROL_PLANE:$CYRAL_CONTROL_PLANE_HTTPS_PORT/v1/users/oidc/token" -d grant_type=client_credentials -d client_id="$CYRAL_SIDECAR_CLIENT_ID" -d client_secret="$CYRAL_SIDECAR_CLIENT_SECRET" 2>&1) ; then + echo "Failed to retrieve control plane token." + echo "$TOKEN" + exit 1 + fi fi - fi - ACCESS_TOKEN=$(echo "$TOKEN" | jq -r .access_token) - if [[ -z "$ACCESS_TOKEN" ]] ; then - echo "Error: Could not connect to the Control Plane. 
Check CYRAL_SIDECAR_CLIENT_ID and CYRAL_SIDECAR_CLIENT_SECRET and try again" - exit 1 - fi + ACCESS_TOKEN=$(echo "$TOKEN" | jq -r .access_token) + if [[ -z "$ACCESS_TOKEN" ]] ; then + echo "Error: Could not connect to the Control Plane. Check CYRAL_SIDECAR_CLIENT_ID and CYRAL_SIDECAR_CLIENT_SECRET and try again" + exit 1 + fi - echo "Downloading the binaries" - DOWNLOAD_STATUS=$(curl --write-out "%{http_code}" "public.cyral.com/packages/$CYRAL_SIDECAR_VERSION/x86-64/$ROUTE/sidecar.$ROUTE" --output $BINARIES_NAME) - - if [[ "$DOWNLOAD_STATUS" -ne 200 ]] ; then - echo "Error: Status code $DOWNLOAD_STATUS when downloading binaries" - exit 1 - else - echo "Binaries were successfully downloaded." + echo "Downloading the binaries via Control Plane" + DOWNLOAD_STATUS=$(curl --write-out "%{http_code}" "https://$CYRAL_CONTROL_PLANE:$CYRAL_CONTROL_PLANE_HTTPS_PORT/v1/templates/download/$ROUTE/$CYRAL_SIDECAR_VERSION" -H "authorization: Bearer $ACCESS_TOKEN" --output $BINARIES_NAME) + + if [[ "$DOWNLOAD_STATUS" -ne 200 ]] ; then + echo "Error: Status code $DOWNLOAD_STATUS when downloading binaries" + exit 1 + fi fi + echo "Binaries were successfully downloaded." INSTALL_PACKAGE=$BINARIES_NAME }
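Review bot: In the Control Plane fallback, `jq -r .access_token` prints the literal string `null` when the response has no such field, so `[[ -z "$ACCESS_TOKEN" ]]` passes and the download is attempted with `Bearer null`; use `jq -r '.access_token // empty'`. The token request also puts `client_secret=...` on curl's command line, where other local users can see it in the process list; feeding the form body on stdin with `-d @-` avoids that. The fallback triggers on any non-200 from the public URL, including redirects and curl's `000` on a connection failure, so the "Couldn't find binaries in public location" message can mislead. `$BINARIES_NAME` should be quoted in both `--output` arguments.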