This repository has been archived by the owner on Oct 23, 2024. It is now read-only.
-
Notifications
You must be signed in to change notification settings - Fork 183
/
install.sh
executable file
·495 lines (419 loc) · 12.1 KB
/
install.sh
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
#!/bin/sh
# A convenience script to install the agent package on any of our supported
# distros. NOT recommended for production use.
set -euf
repo_base="https://splunk.jfrog.io/splunk"
deb_repo_base="$repo_base/signalfx-agent-deb"
rpm_repo_base="$repo_base/signalfx-agent-rpm"
debian_gpg_key_url="$deb_repo_base/splunk-B3CD4420.gpg"
yum_gpg_key_url="$rpm_repo_base/splunk-B3CD4420.pub"
parse_args_and_install() {
local stage="release"
local realm="us0"
local cluster=
local ingest_url=
local api_url=
local trace_url=
local access_token=
local insecure=
local package_version=
local service_user="signalfx-agent"
local service_group="signalfx-agent"
while [ -n "${1-}" ]; do
case $1 in
--beta)
stage="beta"
;;
--test)
stage="test"
;;
--ingest-url)
ingest_url="$2"
shift 1
;;
--api-url)
api_url="$2"
shift 1
;;
--trace-url)
trace_url="$2"
shift 1
;;
--realm)
realm="$2"
shift 1
;;
--cluster)
cluster="$2"
shift 1
;;
--insecure)
insecure="true"
;;
--package-version)
package_version="$2"
shift 1
;;
--service-user)
service_user="$2"
shift 1
;;
--service-group)
service_group="$2"
shift 1
;;
--)
access_token="$2"
shift 1
;;
-h|--help)
usage
exit 0
;;
-*)
echo "Unknown option $1" >&2
usage
exit 1
;;
*)
if [ -z "$access_token" ]; then
access_token=$1
else
echo "Unknown argument $1" >&2
usage
exit 1
fi
;;
esac
shift 1
done
if [ -z "$ingest_url" ]; then
ingest_url="https://ingest.$realm.signalfx.com"
fi
if [ -z "$api_url" ]; then
api_url="https://api.$realm.signalfx.com"
fi
if [ -z "$trace_url" ]; then
trace_url="https://ingest.$realm.signalfx.com/v2/trace"
fi
echo "Ingest URL: $ingest_url"
echo "API URL: $api_url"
echo "Trace Endpoint URL: $trace_url"
install "$stage" "$ingest_url" "$access_token" "$insecure" "$package_version" "$service_user" "$service_group"
configure_access_token "$access_token" "$service_user" "$service_group"
configure_ingest_url "$ingest_url"
configure_api_url "$api_url"
configure_trace_url "$trace_url"
configure_cluster "$cluster"
start_agent
cat <<EOH
The SignalFx Agent has been successfully installed.
Make sure that your system's time is relatively accurate or else datapoints may not be accepted.
The agent's main configuration file is located at /etc/signalfx/agent.yaml.
EOH
exit 0
}
usage() {
cat <<EOH >&2
Usage: $0 [options] [access_token]
Installs the SignalFx Agent from the package repos. If access_token is not
provided, and is not in the file /etc/signalfx/token, it will prompted for on
stdin.
Options:
--package-version <version> The agent package version to instance
--realm <us0|us1|eu0|...> SignalFx realm to use (used to set --ingest-url and --api-url automatically)
--cluster <custer name> The user-defined environment/cluster to use (corresponds to 'cluster' option in agent)
--ingest-url <ingest url> Base URL of the SignalFx ingest server
--api-url <api url> Base URL of the SignalFx API server
--trace-url <trace url> Trace Endpoint URL of the SignalFx ingest server
--service-user <user> Set the user for the signalfx-agent service (default: "signalfx-agent")
The user will be created if it does not exist
Requires agent package version 5.1.0 or newer
--service-group <group> Set the group for the signalfx-agent service (default: "signalfx-agent")
The group will be created if it does not exist
Requires agent package version 5.1.0 or newer
--test Use the test package repo instead of the primary
--beta Use the beta package repo instead of the primary
-- Use -- if your access_token starts with -
EOH
exit 0
}
repo_for_stage() {
local repo_url=$1
local stage=$2
echo "$repo_url/$stage"
}
get_distro() {
local distro="$(. /etc/os-release 2>/dev/null && echo $ID || true)"
# Centos/RHEL 6 doesn't have /etc/os-release
if [ -z "$distro" ]; then
if [ -e /etc/centos-release ]; then
distro="centos"
elif [ -e /etc/redhat-release ]; then
distro="rhel"
fi
fi
echo "$distro"
}
download_file_to_stdout() {
local url=$1
if command -v curl > /dev/null; then
curl -sSL $url
elif command -v wget > /dev/null; then
wget -O - -o /dev/null $url
else
echo "Either curl or wget must be installed to download $url" >&2
exit 1
fi
}
request_access_token() {
local access_token=
while [ -z "$access_token" ]; do
read -p "Please enter your SignalFx access token: " access_token
done
echo "$access_token"
}
pull_access_token_from_config() {
if [ -e /etc/signalfx/token ] && [ -s /etc/signalfx/token ]; then
cat /etc/signalfx/token
fi
}
verify_access_token() {
local access_token="$1"
local ingest_url="$2"
local insecure="$3"
if command -v curl > /dev/null; then
api_output=$(curl \
-d '[]' \
-H "X-Sf-Token: $access_token" \
-H "Content-Type:application/json" \
-X POST \
$([ "$insecure" = "true" ] && echo -n "--insecure") \
"$ingest_url"/v2/event 2>/dev/null)
elif command -v wget > /dev/null; then
api_output=$(wget \
--header="Content-Type: application/json" \
--header="X-Sf-Token: $access_token" \
--post-data='[]' \
$([ "$insecure" = "true" ] && echo -n "--no-check-certificate") \
-O - \
-o /dev/null \
"$ingest_url"/v2/event)
if [ $? -eq 5 ]; then
echo "TLS cert for SignalFx ingest could not be verified, does your system have TLS certs installed?" >&2
exit 1
fi
else
echo "Either curl or wget is required to verify the access token" >&2
exit 1
fi
if [ "$api_output" = "\"OK\"" ]; then
true
else
echo "$api_output"
false
fi
}
download_debian_key() {
if ! download_file_to_stdout "$debian_gpg_key_url" > /etc/apt/trusted.gpg.d/splunk.gpg; then
echo "Could not get the SignalFx Debian GPG signing key" >&2
exit 1
fi
chmod 644 /etc/apt/trusted.gpg.d/splunk.gpg
}
install_debian_apt_source() {
local stage="$1"
local trusted_flag=
if [ "$stage" = "test" ]; then
trusted_flag="[trusted=yes]"
fi
apt-get -y update
apt-get -y install apt-transport-https
echo "deb $trusted_flag $deb_repo_base $stage main" > /etc/apt/sources.list.d/signalfx-agent.list
}
install_with_apt() {
local package_version="$1"
local version_flag=""
if test -n "$package_version"; then
version_flag="=${package_version}"
fi
apt-get -y update
apt-get -y install signalfx-agent${version_flag}
}
#download_rpm_key() {
#rpm --import $yum_gpg_key_url
#}
install_yum_repo() {
local stage="$1"
local repo_path="${2:-/etc/yum.repos.d}"
local gpgcheck=1
if [ "$stage" = "test" ]; then
gpgcheck=0
fi
cat <<EOH > ${repo_path}/signalfx-agent.repo
[signalfx-agent]
name=SignalFx Agent Repository
baseurl=$(repo_for_stage $rpm_repo_base $stage)
gpgcheck=$gpgcheck
repo_gpgcheck=$gpgcheck
gpgkey=$yum_gpg_key_url
enabled=1
EOH
}
install_with_yum() {
local package_version="$1"
local version_flag=""
if test -n "$package_version"; then
version_flag="-${package_version}"
fi
yum install -y signalfx-agent${version_flag}
}
install_with_zypper() {
local package_version="$1"
local version_flag=
if test -n "$package_version"; then
version_flag="-${package_version}"
fi
rpm --import $yum_gpg_key_url
zypper -n --gpg-auto-import-keys refresh
zypper install -y -l libcap2 libcap-progs libpcap1 shadow
local tmpdir=$(mktemp -d)
zypper --pkg-cache-dir=${tmpdir} download signalfx-agent${version_flag}
rpm -ivh --nodeps ${tmpdir}/signalfx-agent/signalfx-agent*.rpm
rm -rf ${tmpdir}
}
ensure_not_installed() {
if [ -e /etc/signalfx ]; then
echo "The agent config directory /etc/signalfx already exists which implies that the agent has already been installed. Please remove this directory to proceed." >&2
exit 1
fi
}
configure_access_token() {
local access_token=$1
local service_user=$2
local service_group=$3
mkdir -p /etc/signalfx
printf "%s" "$access_token" > /etc/signalfx/token
chmod 600 /etc/signalfx/token
chown $service_user:$service_group /etc/signalfx/token
}
configure_ingest_url() {
local ingest_url=$1
mkdir -p /etc/signalfx
printf "%s" "$ingest_url" > /etc/signalfx/ingest_url
}
configure_api_url() {
local api_url=$1
mkdir -p /etc/signalfx
printf "%s" "$api_url" > /etc/signalfx/api_url
}
configure_trace_url() {
local trace_url=$1
mkdir -p /etc/signalfx
printf "%s" "$trace_url" > /etc/signalfx/trace_endpoint_url
}
configure_cluster() {
local cluster=$1
mkdir -p /etc/signalfx
printf "%s" "$cluster" > /etc/signalfx/cluster
}
create_user_group() {
local user="$1"
local group="$2"
getent group $group >/dev/null 2>&1 || \
groupadd --system $group
getent passwd $user >/dev/null 2>&1 || \
useradd --system --no-user-group --home-dir /usr/lib/signalfx-agent --no-create-home --shell $(command -v nologin) --groups $group $user
}
override_systemd_service() {
local service_user="$1"
local service_group="$2"
local tmpfile_path="/etc/tmpfiles.d/signalfx-agent.conf"
local override_path="/etc/systemd/system/signalfx-agent.service.d/service-owner.conf"
systemctl stop signalfx-agent
mkdir -p $(dirname $tmpfile_path)
cat <<EOH > $tmpfile_path
D /run/signalfx-agent 0755 ${service_user} ${service_group} - -
EOH
systemd-tmpfiles --create --remove $tmpfile_path
mkdir -p $(dirname $override_path)
cat <<EOH > $override_path
[Service]
User=${service_user}
Group=${service_group}
EOH
systemctl daemon-reload
}
override_initd_service() {
local service_user="$1"
local service_group="$2"
local default_path="/etc/default/signalfx-agent"
service signalfx-agent stop
if [ -f $default_path ] && grep -q "^user=" $default_path; then
sed -i "s/^user=.*/user=${service_user}/" $default_path
else
echo "user=${service_user}" >> $default_path
fi
if [ -f $default_path ] && grep -q "^group=" $default_path; then
sed -i "s/^group=.*/group=${service_group}/" $default_path
else
echo "group=${service_group}" >> $default_path
fi
}
start_agent() {
if command -v systemctl > /dev/null; then
systemctl start signalfx-agent
else
service signalfx-agent start
fi
}
install() {
local stage="$1"
local ingest_url="$2"
local access_token="$3"
local insecure="$4"
local package_version="$5"
local service_user="$6"
local service_group="$7"
local distro="$(get_distro)"
ensure_not_installed
echo "Installing package signalfx-agent (${package_version:-latest}) from $stage repo"
if [ -z $access_token ]; then
access_token=$(pull_access_token_from_config)
fi
if [ -z $access_token ]; then
access_token=$(request_access_token)
fi
if ! verify_access_token "$access_token" "$ingest_url" "$insecure"; then
echo "Your access token could not be verified. This may be due to a network connectivity issue." >&2
exit 1
fi
case "$distro" in
ubuntu|debian)
if [ "$stage" != "test" ]; then
download_debian_key
fi
install_debian_apt_source "$stage"
install_with_apt "$package_version"
;;
amzn|centos|rhel)
install_yum_repo "$stage"
install_with_yum "$package_version"
;;
sles|opensuse*)
install_yum_repo "$stage" "/etc/zypp/repos.d"
install_with_zypper "$package_version"
;;
*)
echo "Your distro ($distro) is not supported or could not be determined" >&2
exit 1
;;
esac
create_user_group "$service_user" "$service_group"
if command -v systemctl >/dev/null; then
override_systemd_service "$service_user" "$service_group"
else
override_initd_service "$service_user" "$service_group"
fi
}
parse_args_and_install $@