Add support for rocky linux and script cleanup

install-linux.sh

@@ -11,16 +11,6 @@ get_os_type () {
   echo "$detected_os"
 }
 
-define_route () {
-  if [ "$1" = "ubuntu" ]; then
-    ROUTE="deb"
-  else
-    ROUTE="rpm"
-  fi
-
-  BINARIES_NAME=cyral-sidecar.$ROUTE
-}
-
 # This is our usage details
 print_usage () {
   echo "
@@ -103,85 +93,34 @@ install_error () {
   exit 2
 }
 
-pre_update_tasks () { # double check echos   
-  # We need some additional configuration values in the exporter config.yaml
-  if ! grep -q sidecar-id /etc/cyral/cyral-sidecar-exporter/config.yaml; then
-    echo "sidecar-id:" >> /etc/cyral/cyral-sidecar-exporter/config.yaml
-  fi
-
-  if ! grep -q controlplane-host /etc/cyral/cyral-sidecar-exporter/config.yaml; then
-    echo "controlplane-host: localhost" >> /etc/cyral/cyral-sidecar-exporter/config.yaml
-  fi
-
-  if ! grep -q controlplane-port /etc/cyral/cyral-sidecar-exporter/config.yaml; then
-    echo "controlplane-port: 8068" >> /etc/cyral/cyral-sidecar-exporter/config.yaml
-  fi
-
-}
-
-post_update_tasks () { 
-  # The port is wrong here so it needs to be corrected
-  sed -i "s/8050/8069/" /etc/default/cyral-push-client
-
-  # We need to add a sleep in the push proxy service file so it doesn't come up before the forward proxy connects
-  # TODO :: Figure out proper way to do this in the push-client repo
-  sed -i "/^ExecStartPre=/c\ExecStartPre=/bin/sh -c \"/bin/touch /var/log/cyral/cyral-push-client.log;/bin/sleep 60\"" /usr/lib/systemd/system/cyral-push-client.service
-
-  # Making sure we add in our file descriptor limits to the wires and dispatcher - ENG-8504
-  sed -i '/^\[Service\]/a LimitNOFILE=65535' /usr/lib/systemd/system/cyral-dispatcher.service
-  sed -i '/^\[Service\]/a LimitNOFILE=65535' /usr/lib/systemd/system/cyral-*wire.service
-}
-
 # This is to check the /etc/ directory for any "release" related files to find the Linux distribution version
 get_os_major_version_id () {
   local detected_version_id
   detected_version_id=$(cat /etc/*ease 2>/dev/null|awk '/^VERSION_ID=/{ print $0}'|awk -F= '{print $2}'| tr -d '"'|awk -F\. '{print $1}')
   echo "$detected_version_id"
 }
 
-# Check to make sure we support the Linux version
-# For now, these are checks for known incompatible versions
-check_os_version () {
-  OS_VERSION="$(get_os_major_version_id)"
-  # Check for OracleLinux less than 8.x
-  if [ "$1" = "ol" ] && [ "$OS_VERSION" -lt 8 ]; then
-	  install_error "Unsupported OracleLinux Version: Detected Version < 8.x"
-  fi
-}
-
-# This is to perform installation tasks specific to Ubuntu / Debian
-install_ubuntu () {
-  echo "Doing an Ubuntu Install"
-  sleep 2
-  do_dpkg_install
-}
-
-# This is to perform installation tasks specific to Red Hat / CentOS
-install_rhel () {
-  echo "Doing a Red Hat Install"
-  sleep 2
-  do_rpm_install
-}
-
-install_amzn () {
-  echo "Doing a Amazon Linux Install"
-  sleep 2
-  do_rpm_install
-}
-
 do_rpm_install(){
+  get_package "rpm"
+  sleep 2
   if rpm -q cyral-sidecar > /dev/null 2>&1; then
     echo "Removing existing installation..."
     rpm -e --erase cyral-sidecar > /dev/null 2>&1
+    rm -f "$(grep "discovery-database" /etc/cyral/cyral-service-monitor/config.yaml 2>/dev/null| awk '{print $2}')"
+    rm -f /etc/cyral/conf.d/sidecar.db
   fi
   echo "Installing sidecar..."
    rpm -U --force "${INSTALL_PACKAGE}" 2>/dev/null
 }
 
 do_dpkg_install(){
+  get_package "deb"
+  sleep 2
   if dpkg -s cyral-sidecar > /dev/null 2>&1; then
     echo "Removing existing installation..."
     dpkg -r cyral-sidecar > /dev/null 2>&1
+    rm -f "$(grep "discovery-database" /etc/cyral/cyral-service-monitor/config.yaml 2>/dev/null| awk '{print $2}')"
+    rm -f /etc/cyral/conf.d/sidecar.db
   fi
   echo "Installing sidecar..."
   dpkg -i --force-all "${INSTALL_PACKAGE}" 2>/dev/null
@@ -190,16 +129,26 @@ do_dpkg_install(){
 # Perform an install of the sidecar package
 do_install () {
   if [ "$1" = "rhel" ]; then
-    install_rhel
+    echo "Doing a Red Hat Install"
+    do_rpm_install
   elif [ "$1" = "ubuntu" ]; then
-    install_ubuntu
+    echo "Doing an Ubuntu Install"
+    do_dpkg_install
   elif [ "$1" = "centos" ]; then
-    install_rhel
+    echo "Doing a Centos Install"
+    do_rpm_install
   elif [ "$1" = "amzn" ]; then
-    install_amzn
-  elif [ "$1" = "ol" ]; then
-    check_os_version "$1"
-    install_rhel
+    echo "Doing a Amazon Linux Install"
+    do_rpm_install
+  elif [ "$1" = "rocky" ]; then # rocky - cent based
+    echo "Doing a Rocky Linux Install"
+    do_rpm_install
+  elif [ "$1" = "ol" ]; then # oracle
+    OS_VERSION="$(get_os_major_version_id)"
+    if [ "$OS_VERSION" -lt 8 ]; then
+	    install_error "Unsupported OracleLinux Version: Detected Version < 8.x"
+    fi
+    do_rpm_install
   else
     install_error "Unsupported Platform"
   fi
@@ -261,41 +210,89 @@ update_config_files () {
 
   local META_STRING="\{${SPECIAL_QUOTE}clientId${SPECIAL_QUOTE}:${SPECIAL_QUOTE}${CYRAL_SIDECAR_CLIENT_ID_CLEAN}${SPECIAL_QUOTE},${SPECIAL_QUOTE}clientSecret${SPECIAL_QUOTE}:${SPECIAL_QUOTE}${CYRAL_SIDECAR_CLIENT_SECRET}${SPECIAL_QUOTE}\}"
 
-  pre_update_tasks
+  seconfig="/etc/cyral/cyral-sidecar-exporter/config.yaml"
+  if [ -f "$seconfig" ]; then
+    # We need to remove the CYRAL_SIDECAR_EXPORTER_ from the beginning of the env vars in cyral-sidecar-exporter
+    sed -i "s/^CYRAL_SIDECAR_EXPORTER_//" /etc/default/cyral-sidecar-exporter
+    sed -i "/^SIDECAR_ID=/c\SIDECAR_ID=\"${CYRAL_SIDECAR_ID}\"" /etc/default/cyral-sidecar-exporter
+
+    sed -i "s/^controlplane_host:/controlplane-host:/" "$seconfig"
+    sed -i "s/^controlplane_port:/controlplane-port:/" "$seconfig"
+
+    if ! grep -q sidecar-id "$seconfig"; then
+      echo "sidecar-id:" >> "$seconfig"
+    fi
+
+    if ! grep -q controlplane-host "$seconfig"; then
+      echo "controlplane-host: localhost" >> "$seconfig"
+    fi
+
+    if ! grep -q controlplane-port "$seconfig"; then
+      echo "controlplane-port: 8068" >> "$seconfig"
+    fi
+    sed -i "/^sidecar-version:/c\sidecar-version: \"${CYRAL_SIDECAR_VERSION}\"" "$seconfig"
+  fi
+
+  # Forward Proxy Config
+  # Just in case tls is disabled we'll force it enabled
+  sed -i "/^tls-type:/c\tls-type: \"tls\"" /etc/cyral/cyral-forward-proxy/config.yaml
   sed -i "/^secret-manager-type:/c\secret-manager-type: \"direct\"" /etc/cyral/cyral-forward-proxy/config.yaml
   sed -i "/^secret-manager-meta:/c\secret-manager-meta: \"${META_STRING}\"" /etc/cyral/cyral-forward-proxy/config.yaml
 
   sed -i "/^grpc-gateway-address:/c\grpc-gateway-address: \"${CYRAL_CONTROL_PLANE}:$CYRAL_CONTROL_PLANE_GRPC_PORT\"" /etc/cyral/cyral-forward-proxy/config.yaml
   sed -i "/^http-gateway-address:/c\http-gateway-address: \"${CYRAL_CONTROL_PLANE}:$CYRAL_CONTROL_PLANE_HTTPS_PORT\"" /etc/cyral/cyral-forward-proxy/config.yaml
   sed -i "/^token-url:/c\token-url: \"https://${CYRAL_CONTROL_PLANE}:$CYRAL_CONTROL_PLANE_HTTPS_PORT/v1/users/oidc/token\"" /etc/cyral/cyral-forward-proxy/config.yaml
 
-  sed -i "/^sidecar-id:/c\sidecar-id: \"${CYRAL_SIDECAR_ID}\"" /etc/cyral/cyral-forward-proxy/config.yaml
-  sed -i "/^sidecar-id:/c\sidecar-id: \"${CYRAL_SIDECAR_ID}\"" /etc/cyral/cyral-authenticator/config.yaml
-  sed -i "/^sidecar-id:/c\sidecar-id: \"${CYRAL_SIDECAR_ID}\"" /etc/cyral/cyral-sqlserver-wire/config.yaml
-  sed -i "/^sidecar-id:/c\sidecar-id: \"${CYRAL_SIDECAR_ID}\"" /etc/cyral/cyral-oracle-wire/config.yaml
-  sed -i "/^sidecar-id:/c\sidecar-id: \"${CYRAL_SIDECAR_ID}\"" /etc/cyral/cyral-alerter/config.yaml
-  sed -i "/^sidecar-id:/c\sidecar-id: \"${CYRAL_SIDECAR_ID}\"" /etc/cyral/cyral-dispatcher/config.yaml
-  sed -i "/^sidecar-id:/c\sidecar-id: \"${CYRAL_SIDECAR_ID}\"" /etc/cyral/cyral-dremio-wire/config.yaml
-  sed -i "/^sidecar-id:/c\sidecar-id: \"${CYRAL_SIDECAR_ID}\"" /etc/cyral/cyral-mongodb-wire/config.yaml
-  sed -i "/^sidecar-id:/c\sidecar-id: \"${CYRAL_SIDECAR_ID}\"" /etc/cyral/cyral-mysql-wire/config.yaml
-  sed -i "/^sidecar-id:/c\sidecar-id: \"${CYRAL_SIDECAR_ID}\"" /etc/cyral/cyral-pg-wire/config.yaml
-  sed -i "/^sidecar-id:/c\sidecar-id: \"${CYRAL_SIDECAR_ID}\"" /etc/cyral/cyral-s3-wire/config.yaml
-  sed -i "/^sidecar-id:/c\sidecar-id: \"${CYRAL_SIDECAR_ID}\"" /etc/cyral/cyral-certificate-manager/config.yaml
-  sed -i "/^sidecar-id:/c\sidecar-id: \"${CYRAL_SIDECAR_ID}\"" /etc/cyral/cyral-dynamodb-wire/config.yaml
-  sed -i "/^SIDECAR_ID=/c\SIDECAR_ID=\"${CYRAL_SIDECAR_ID}\"" /etc/default/cyral-sidecar-exporter
-  sed -i "/^CYRAL_PUSH_CLIENT_FQDN=/c\CYRAL_PUSH_CLIENT_FQDN=\"${CYRAL_SIDECAR_ID}\"" /etc/default/cyral-push-client
-
-  sed -i "/^sidecar-version:/c\sidecar-version: \"${CYRAL_SIDECAR_VERSION}\"" /etc/cyral/cyral-sidecar-exporter/config.yaml
+  # apply to all
+  for config_file in /etc/cyral/*/config.yaml; do
+    sed -i "/^sidecar-id:/c\sidecar-id: \"${CYRAL_SIDECAR_ID}\"" "$config_file"
+  done
 
-  # Fixes for multiple services using the same repo
-  sed -i "/^metrics-port:/c\metrics-port: 9038" /etc/cyral/cyral-dynamodb-wire/config.yaml
-  sed -i "/^metrics-port:/c\metrics-port: 9024" /etc/cyral/cyral-s3-wire/config.yaml
+  # Push Client Config
+  if [ -f "/etc/default/cyral-push-client" ]; then
+    sed -i "/^ExecStartPre=/c\ExecStartPre=/bin/sh -c \"/bin/touch /var/log/cyral/cyral-push-client.log;/bin/sleep 30\"" /usr/lib/systemd/system/cyral-push-client.service
+    sed -i "/^ExecStartPre=/c\ExecStartPre=/bin/sh -c \"/bin/touch /var/log/cyral/cyral-push-client.log;/bin/sleep 60\"" /usr/lib/systemd/system/cyral-push-client.service
+    # We need to get rid of the CYRAL_PUSH_CLIENT_STORAGE_ from push-client
+    sed -i "s/^CYRAL_PUSH_CLIENT_STORAGE_//" /etc/default/cyral-push-client
+    sed -i "/^CYRAL_PUSH_CLIENT_FQDN=/c\CYRAL_PUSH_CLIENT_FQDN=\"${CYRAL_SIDECAR_ID}\"" /etc/default/cyral-push-client
+     # fix legacy ports
+    sed -i "s/8050/8069/" /etc/default/cyral-push-client
 
-  # Just in case tls is disabled we'll force it enabled
-  sed -i "/^tls-type:/c\tls-type: \"tls\"" /etc/cyral/cyral-forward-proxy/config.yaml
+  fi
+
+  # Service Monitor Config
+  if [ -f "/etc/cyral/cyral-service-monitor/config.yaml" ]; then
+
+    if [ -n "$SIDECAR_INSTANCE_ID" ]; then
+      instance_id="$SIDECAR_INSTANCE_ID"
+    else
+      # Attempt to get the primary IP address using hostname -I
+      if ! instance_id=$(hostname -I | awk '{print $1}'); then
+          # If hostname -I fails, try ifconfig
+          if ! instance_id=$(ifconfig | awk '/inet / {print $2; exit}' | cut -d':' -f2); then
+              instance_id="No_IP"
+          fi
+      fi
+    fi
+
+    sed -i "/^instance-id:/c\instance-id: \"${instance_id}\"" /etc/cyral/cyral-service-monitor/config.yaml
+    sed -i "/^deployed-version:/c\deployed-version: \"${CYRAL_SIDECAR_VERSION}\"" /etc/cyral/cyral-service-monitor/config.yaml
+  fi
 
+  # Wire Specific additional configs
+  # Fixes for multiple services using the same repo
+  if [ -f "/etc/cyral/cyral-dynamodb-wire/config.yaml" ]; then
+    sed -i "/^metrics-port:/c\metrics-port: 9038" /etc/cyral/cyral-dynamodb-wire/config.yaml
+  fi
+
+  if [ -f "/etc/cyral/cyral-s3-wire/config.yaml" ]; then
+    sed -i "/^metrics-port:/c\metrics-port: 9024" /etc/cyral/cyral-s3-wire/config.yaml
+  fi
+  # Making sure we add in our file descriptor limits to the wires and dispatcher - ENG-8504
+  sed -i '/^\[Service\]/a LimitNOFILE=65535' /usr/lib/systemd/system/cyral-*wire.service
+  sed -i '/^\[Service\]/a LimitNOFILE=65535' /usr/lib/systemd/system/cyral-dispatcher.service
   set_advanced_config
-  post_update_tasks
+
 }
 
 disable_unsupported_services () {
@@ -329,31 +326,14 @@ restart_services () {
   (cd /;systemctl restart cyral-*) # without this it will use the filenames local to it
 }
 
-# TODO :: Remove this once Epic complete
-pre_epic_tasks () {
-  # We need to remove the CYRAL_SIDECAR_EXPORTER_ from the beginning of the env vars in cyral-sidecar-exporter
-  sed -i "s/^CYRAL_SIDECAR_EXPORTER_//" /etc/default/cyral-sidecar-exporter
-
-  # We need to add a sleep in the push proxy service file so it doesn't come up before the forward proxy connects
-  # TODO :: Figure out proper way to do this in the push-client repo
-  sed -i "/^ExecStartPre=/c\ExecStartPre=/bin/sh -c \"/bin/touch /var/log/cyral/cyral-push-client.log;/bin/sleep 30\"" /usr/lib/systemd/system/cyral-push-client.service
-
-  # Need to fix the variable for control plane host and port Ref, ENG-7352
-  sed -i "s/^controlplane_host:/controlplane-host:/" /etc/cyral/cyral-sidecar-exporter/config.yaml
-  sed -i "s/^controlplane_port:/controlplane-port:/" /etc/cyral/cyral-sidecar-exporter/config.yaml
-
-  # We need to get rid of the CYRAL_PUSH_CLIENT_STORAGE_ from push-client
-  sed -i "s/^CYRAL_PUSH_CLIENT_STORAGE_//" /etc/default/cyral-push-client
-}
-
 # Perform all Post Installation Tasks
 do_post_install () {
   echo "Running Post Install Tasks..."
-  pre_epic_tasks
   if [ -n "$CYRAL_REPOSITORIES_SUPPORTED" ]; then
     disable_unsupported_services
   fi
   update_config_files
+  sleep 3 # some os's (ubuntu) seem to have a problem if this is too quick
   restart_services
 }
 
@@ -375,35 +355,52 @@ generate_post_data () {
 EOF
 }
 
+get_package () {
+  if [ -z "$INSTALL_PACKAGE" ] ; then
+  ROUTE=$1
+  BINARIES_NAME=cyral-sidecar.$ROUTE
+  download_package
+  else
+    echo "Using provided package $INSTALL_PACKAGE"
+  fi
+}
+
 download_package () {
-  echo "Getting access to the Control Plane"
+  echo "Downloading the binaries"
+
+  DOWNLOAD_STATUS=$(curl --write-out "%{http_code}" "public.cyral.com/packages/$CYRAL_SIDECAR_VERSION/x86-64/$ROUTE/sidecar.$ROUTE" --output $BINARIES_NAME)
 
-  if ! TOKEN=$(curl --fail --silent --request POST "https://$CYRAL_CONTROL_PLANE:$CYRAL_CONTROL_PLANE_HTTPS_PORT/v1/users/oidc/token" -d grant_type=client_credentials -d client_id="$CYRAL_SIDECAR_CLIENT_ID" -d client_secret="$CYRAL_SIDECAR_CLIENT_SECRET" 2>&1) ; then
-    #attempt with previous ports
-    CYRAL_CONTROL_PLANE_HTTPS_PORT=8000
-    CYRAL_CONTROL_PLANE_GRPC_PORT=9080
+  if [[ "$DOWNLOAD_STATUS" -ne 200 ]] ; then
+    echo "Couldn't find binaries in public location. Status code $DOWNLOAD_STATUS when downloading binaries. Using Control Plane instead."
+
+    echo "Getting access to the Control Plane"
+
     if ! TOKEN=$(curl --fail --silent --request POST "https://$CYRAL_CONTROL_PLANE:$CYRAL_CONTROL_PLANE_HTTPS_PORT/v1/users/oidc/token" -d grant_type=client_credentials -d client_id="$CYRAL_SIDECAR_CLIENT_ID" -d client_secret="$CYRAL_SIDECAR_CLIENT_SECRET" 2>&1) ; then
-      echo "Failed to retrieve control plane token."
-      echo "$TOKEN"
-      exit 1
+      #attempt with previous ports
+      CYRAL_CONTROL_PLANE_HTTPS_PORT=8000
+      CYRAL_CONTROL_PLANE_GRPC_PORT=9080
+      if ! TOKEN=$(curl --fail --silent --request POST "https://$CYRAL_CONTROL_PLANE:$CYRAL_CONTROL_PLANE_HTTPS_PORT/v1/users/oidc/token" -d grant_type=client_credentials -d client_id="$CYRAL_SIDECAR_CLIENT_ID" -d client_secret="$CYRAL_SIDECAR_CLIENT_SECRET" 2>&1) ; then
+        echo "Failed to retrieve control plane token."
+        echo "$TOKEN"
+        exit 1
+      fi
     fi
-  fi
 
-  ACCESS_TOKEN=$(echo "$TOKEN" | jq -r .access_token)
-  if [[ -z "$ACCESS_TOKEN" ]] ; then
-    echo "Error: Could not connect to the Control Plane. Check CYRAL_SIDECAR_CLIENT_ID and CYRAL_SIDECAR_CLIENT_SECRET and try again"
-    exit 1
-  fi
+    ACCESS_TOKEN=$(echo "$TOKEN" | jq -r .access_token)
+    if [[ -z "$ACCESS_TOKEN" ]] ; then
+      echo "Error: Could not connect to the Control Plane. Check CYRAL_SIDECAR_CLIENT_ID and CYRAL_SIDECAR_CLIENT_SECRET and try again"
+      exit 1
+    fi
 
-  echo "Downloading the binaries"
-  DOWNLOAD_STATUS=$(curl --write-out "%{http_code}" "https://$CYRAL_CONTROL_PLANE:$CYRAL_CONTROL_PLANE_HTTPS_PORT/v1/templates/download/$ROUTE/$CYRAL_SIDECAR_VERSION" -H "authorization: Bearer $ACCESS_TOKEN" --output $BINARIES_NAME)
-
-  if [[ "$DOWNLOAD_STATUS" -ne 200 ]] ; then
-    echo "Error: Status code $DOWNLOAD_STATUS when downloading binaries"
-    exit 1
-  else
-    echo "Binaries were downloaded correctly."
+    echo "Downloading the binaries via Control Plane"
+    DOWNLOAD_STATUS=$(curl --write-out "%{http_code}" "https://$CYRAL_CONTROL_PLANE:$CYRAL_CONTROL_PLANE_HTTPS_PORT/v1/templates/download/$ROUTE/$CYRAL_SIDECAR_VERSION" -H "authorization: Bearer $ACCESS_TOKEN" --output $BINARIES_NAME)
+
+    if [[ "$DOWNLOAD_STATUS" -ne 200 ]] ; then
+      echo "Error: Status code $DOWNLOAD_STATUS when downloading binaries"
+      exit 1
+    fi
   fi
+  echo "Binaries were successfully downloaded."
   INSTALL_PACKAGE=$BINARIES_NAME
 }
 
@@ -477,7 +474,7 @@ if ! command -v jq &> /dev/null; then
 fi
 
 OS_TYPE="$(get_os_type)"
-define_route "$OS_TYPE"
+
 
 # Handle the arguments that were provided
 while test $# -gt 0; do
@@ -492,9 +489,4 @@ while test $# -gt 0; do
 done
 
 get_config
-
-if [ -z "$INSTALL_PACKAGE" ] ; then
-  download_package
-fi
-
 do_install "$OS_TYPE"