From 74f73ec86d356a8c755369361382a10cdd6a8944 Mon Sep 17 00:00:00 2001
From: Fred Heinecke
Date: Mon, 24 Jun 2024 14:22:19 -0500
Subject: [PATCH] Migrated install scripts to Teleport repo
---
assets/install-scripts/install-connect.sh | 325 +++++++++++++++++
assets/install-scripts/install.sh | 421 ++++++++++++++++++++++
assets/install-scripts/license-check.sh | 75 ++++
3 files changed, 821 insertions(+)
create mode 100755 assets/install-scripts/install-connect.sh
create mode 100755 assets/install-scripts/install.sh
create mode 100755 assets/install-scripts/license-check.sh
diff --git a/assets/install-scripts/install-connect.sh b/assets/install-scripts/install-connect.sh
new file mode 100755
index 0000000000000..76ef9dcb7efa3
--- /dev/null
+++ b/assets/install-scripts/install-connect.sh
@@ -0,0 +1,325 @@
+#!/bin/bash
+# Copyright 2022 Gravitational, Inc
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# This script detects the current Linux distribution and installs Teleport Connect
+# through its package manager, if supported, or downloading a tarball otherwise.
+# We'll download Teleport from the official website and checksum it to make sure it was properly
+# downloaded before executing.
+
+# The script is wrapped inside a function to protect against the connection being interrupted
+# in the middle of the stream.
+
+# For more download options, head to https://goteleport.com/download/
+
+set -euo pipefail
+
+# download uses curl or wget to download a teleport connect binary
+download() {
+ URL=$1
+ TMP_PATH=$2
+
+ echo "Downloading $URL"
+ if type curl &>/dev/null; then
+ set -x
+ $SUDO $CURL -o "$TMP_PATH" "$URL"
+ else
+ set -x
+ $SUDO $CURL -O "$TMP_PATH" "$URL"
+ fi
+ set +x
+}
+
+install_via_apt_get() {
+ echo "Installing Teleport Connect v$TELEPORT_VERSION via apt-get"
+ add_apt_key
+ set -x
+ $SUDO apt-get install -y teleport-connect=$TELEPORT_VERSION
+ set +x
+}
+
+add_apt_key() {
+ APT_REPO_ID=$ID
+ APT_REPO_VERSION_CODENAME=$VERSION_CODENAME
+ IS_LEGACY=0
+
+ # check if we must use legacy .asc key
+ case "$ID" in
+ ubuntu | pop | neon | zorin)
+ if ! expr "$VERSION_ID" : "2.*" >/dev/null; then
+ IS_LEGACY=1
+ fi
+ ;;
+ debian | raspbian)
+ if [ "$VERSION_ID" -lt 11 ]; then
+ IS_LEGACY=1
+ fi
+ ;;
+ linuxmint | parrot)
+ if [ "$VERSION_ID" -lt 5 ]; then
+ IS_LEGACY=1
+ fi
+ ;;
+ elementary)
+ if [ "$VERSION_ID" -lt 6 ]; then
+ IS_LEGACY=1
+ fi
+ ;;
+ kali)
+ YEAR="$(echo "$VERSION_ID" | cut -f1 -d.)"
+ if [ "$YEAR" -lt 2021 ]; then
+ IS_LEGACY=1
+ fi
+ ;;
+ esac
+
+ if [[ "$IS_LEGACY" == 0 ]]; then
+ # set APT_REPO_ID if necessary
+ case "$ID" in
+ linuxmint | kali | elementary | pop | raspbian | neon | zorin | parrot)
+ APT_REPO_ID=$ID_LIKE
+ ;;
+ esac
+
+ # set APT_REPO_VERSION_CODENAME if necessary
+ case "$ID" in
+ linuxmint | elementary | pop | neon | zorin)
+ APT_REPO_VERSION_CODENAME=$UBUNTU_CODENAME
+ ;;
+ kali)
+ APT_REPO_VERSION_CODENAME="bullseye"
+ ;;
+ parrot)
+ APT_REPO_VERSION_CODENAME="buster"
+ ;;
+ esac
+ fi
+
+ echo "Downloading Teleport's PGP public key..."
+ TEMP_DIR=$(mktemp -d -t teleport-XXXXXXXXXX)
+ MAJOR=$(echo "$TELEPORT_VERSION" | cut -f1 -d.)
+ TELEPORT_REPO=""
+
+ if [[ "$IS_LEGACY" == 1 ]]; then
+ if ! type gpg >/dev/null; then
+ echo "Installing gnupg"
+ set -x
+ $SUDO apt-get update
+ $SUDO apt-get install -y gnupg
+ set +x
+ fi
+ TMP_KEY="$TEMP_DIR/teleport-pubkey.asc"
+ download "https://deb.releases.teleport.dev/teleport-pubkey.asc" "$TMP_KEY"
+ set -x
+ cat $TMP_KEY | $SUDO apt-key add -
+ set +x
+ TELEPORT_REPO="deb https://apt.releases.teleport.dev/${APT_REPO_ID?} ${APT_REPO_VERSION_CODENAME?} stable/v${MAJOR}"
+ else
+ TMP_KEY="$TEMP_DIR/teleport-pubkey.gpg"
+ download "https://apt.releases.teleport.dev/gpg" "$TMP_KEY"
+ set -x
+ cat $TMP_KEY | $SUDO tee /usr/share/keyrings/teleport-archive-keyring.asc >/dev/null
+ set +x
+ TELEPORT_REPO="deb [signed-by=/usr/share/keyrings/teleport-archive-keyring.asc] https://apt.releases.teleport.dev/${APT_REPO_ID?} ${APT_REPO_VERSION_CODENAME?} stable/v${MAJOR}"
+ fi
+
+ set -x
+ echo "$TELEPORT_REPO" | $SUDO tee /etc/apt/sources.list.d/teleport.list >/dev/null
+ set +x
+
+ set -x
+ $SUDO apt-get update
+ set +x
+}
+
+install_via_yum() {
+ TEMP_DIR=$(mktemp -d -t teleport-connect-XXXXXXXXXX)
+
+ ARCH_RPM=$ARCH
+ case $ARCH in
+ amd64)
+ ARCH_RPM="x86_64"
+ ;;
+ esac
+
+ TELEPORT_FILENAME="teleport-connect-${TELEPORT_VERSION}.${ARCH_RPM}.rpm"
+ URL="https://cdn.teleport.dev/${TELEPORT_FILENAME}"
+ download "${URL}" "${TEMP_DIR}/${TELEPORT_FILENAME}"
+
+ TMP_CHECKSUM="${TEMP_DIR}/${TELEPORT_FILENAME}.sha256"
+ download "${URL}.sha256" "$TMP_CHECKSUM"
+
+ set -x
+ cd "$TEMP_DIR"
+ $SUDO $SHA_COMMAND -c "$TMP_CHECKSUM"
+ cd -
+
+ if type dnf &>/dev/null; then
+ echo "Installing Teleport Connect v$TELEPORT_VERSION through dnf"
+ $SUDO dnf -y install "${TEMP_DIR}/${TELEPORT_FILENAME}"
+ else
+ echo "Installing Teleport Connect v$TELEPORT_VERSION through yum"
+ $SUDO yum -y localinstall "${TEMP_DIR}/${TELEPORT_FILENAME}"
+ fi
+ set +x
+}
+
+# download .tar.gz file via curl/wget, unzip it and run the install sript
+install_via_curl() {
+ TEMP_DIR=$(mktemp -d -t teleport-connect-XXXXXXXXXX)
+
+ TELEPORT_FILENAME="teleport-connect-v$TELEPORT_VERSION-linux-$ARCH.tar.gz"
+ URL="https://cdn.teleport.dev/${TELEPORT_FILENAME}"
+ download "${URL}" "${TEMP_DIR}/${TELEPORT_FILENAME}"
+
+ TMP_CHECKSUM="${TEMP_DIR}/${TELEPORT_FILENAME}.sha256"
+ download "${URL}.sha256" "$TMP_CHECKSUM"
+
+ set -x
+ cd "$TEMP_DIR"
+ $SUDO $SHA_COMMAND -c "$TMP_CHECKSUM"
+ cd -
+
+ $SUDO tar -xzf "${TEMP_DIR}/${TELEPORT_FILENAME}" -C "$TEMP_DIR"
+ $SUDO "$TEMP_DIR/teleport/install"
+ set +x
+}
+
+# wrap script in a function so a partially downloaded script
+# doesn't execute
+install_teleport() {
+ # exit if not on Linux
+ if [[ $(uname) != "Linux" ]]; then
+ echo "ERROR: This script works only for Linux. Please go to the downloads page to find the proper installation method for your operating system:"
+ echo "https://goteleport.com/download/"
+ exit 1
+ fi
+
+ KERNEL_VERSION=$(uname -r)
+ MIN_VERSION="2.6.23"
+ if [ $MIN_VERSION != $(echo -e "$MIN_VERSION\n$KERNEL_VERSION" | sort -V | head -n1) ]; then
+ echo "ERROR: Teleport Connect requires Linux kernel version $MIN_VERSION+"
+ exit 1
+ fi
+
+ # check if can run as admin either by running as root or by
+ # having 'sudo' or 'doas' installed
+ IS_ROOT=""
+ SUDO=""
+ if [ "$(id -u)" = 0 ]; then
+ # running as root, no need for sudo/doas
+ IS_ROOT="YES"
+ SUDO=""
+ elif type sudo &>/dev/null; then
+ SUDO="sudo"
+ elif type doas &>/dev/null; then
+ SUDO="doas"
+ fi
+
+ if [ -z "$SUDO" ] && [ -z "$IS_ROOT" ]; then
+ echo "ERROR: The installer requires a way to run commands as root."
+ echo "Either run this script as root or install sudo/doas."
+ exit 1
+ fi
+
+ # require curl/wget
+ CURL=""
+ if type curl &>/dev/null; then
+ CURL="curl -fL"
+ elif type wget &>/dev/null; then
+ CURL="wget"
+ fi
+ if [ -z "$CURL" ]; then
+ echo "ERROR: This script requires either curl or wget in order to download files. Please install one of them and try again."
+ exit 1
+ fi
+
+ # require shasum/sha256sum
+ SHA_COMMAND=""
+ if type shasum &>/dev/null; then
+ SHA_COMMAND="shasum -a 256"
+ elif type sha256sum &>/dev/null; then
+ SHA_COMMAND="sha256sum"
+ else
+ echo "ERROR: This script requires sha256sum or shasum to validate the download. Please install it and try again."
+ exit 1
+ fi
+
+ # detect distro
+ OS_RELEASE=/etc/os-release
+ ID=""
+ ID_LIKE=""
+ if [[ -f "$OS_RELEASE" ]]; then
+ . $OS_RELEASE
+ fi
+
+ # detect architecture
+ ARCH=""
+ case $(uname -m) in
+ x86_64)
+ ARCH="amd64"
+ ;;
+ **)
+ echo "ERROR: Teleport Connect is currently only supported on amd64."
+ echo "Please refer to the installation guide for more information:"
+ echo "https://goteleport.com/docs/installation/"
+ exit 1
+ ;;
+ esac
+
+ # select install method based on distribution
+ # if ID is debian derivate, run apt-get
+ case "$ID" in
+ debian | ubuntu | kali | linuxmint | pop | raspbian | neon | zorin | parrot | elementary)
+ install_via_apt_get
+ ;;
+ # if ID is amazon Linux 2/RHEL/etc, run yum
+ centos | rhel | fedora | rocky | almalinux | xenenterprise | ol | scientific | amzn)
+ install_via_yum
+ ;;
+ *)
+ # before downloading manually, double check if we didn't miss any
+ # debian or rh/fedora derived distros using the ID_LIKE var
+ case "$ID_LIKE" in
+ ubuntu | debian)
+ install_via_apt_get
+ ;;
+ "rhel fedora" | fedora | "centos rhel fedora")
+ install_via_yum
+ ;;
+ *)
+ # if ID and ID_LIKE didn't return a supported distro, download through curl
+ echo "There is no officially supported package to your package manager. Downloading and installing Teleport Connect via curl."
+ install_via_curl
+ ;;
+ esac
+ ;;
+ esac
+
+ GREEN='\033[0;32m'
+ COLOR_OFF='\033[0m'
+
+ echo ""
+ echo -e "${GREEN}Teleport Connect $TELEPORT_VERSION installed successfully!${COLOR_OFF}"
+ echo "run \`teleport-connect\` to start using Teleport Connect."
+}
+
+TELEPORT_VERSION=""
+if [ $# -ge 1 ] && [ -n "$1" ]; then
+ TELEPORT_VERSION=$1
+else
+ echo "ERROR: Please provide the version you want to install (e.g., 10.2.1)."
+ exit 1
+fi
+install_teleport
diff --git a/assets/install-scripts/install.sh b/assets/install-scripts/install.sh
new file mode 100755
index 0000000000000..fa79863b3676c
--- /dev/null
+++ b/assets/install-scripts/install.sh
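Review bot: In `install_via_apt_get`, `teleport-connect=$TELEPORT_VERSION` is unquoted and `$1` is never validated anywhere in this script, so an argument containing whitespace is split into extra words on an `apt-get install -y` command line that runs through `$SUDO`. Quote it as `"teleport-connect=$TELEPORT_VERSION"` and reject anything that is not a whole version string before calling `install_teleport`, for example `echo "$TELEPORT_VERSION" | grep -qE '^[0-9]+\.[0-9]+\.[0-9]+(-[0-9A-Za-z.]+)?$' || exit 1`. The same value is interpolated into the `cdn.teleport.dev` download URLs in `install_via_yum` and `install_via_curl`. Separately, the `.sha256` file is fetched from the same origin as the artifact, so `$SHA_COMMAND -c` detects a truncated or corrupted download, as the header comment says, but not a replaced one; a comment next to the check stating that it is an integrity check and not an authenticity control would prevent misreading, and the same applies to `install_via_curl` in `install.sh`.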
@@ -0,0 +1,421 @@
+#!/bin/bash
+# Copyright 2022 Gravitational, Inc
+
+# This script detects the current Linux distribution and installs Teleport
+# through its package manager, if supported, or downloading a tarball otherwise.
+# We'll download Teleport from the official website and checksum it to make sure it was properly
+# downloaded before executing.
+
+# The script is wrapped inside a function to protect against the connection being interrupted
+# in the middle of the stream.
+
+# For more download options, head to https://goteleport.com/download/
+
+set -euo pipefail
+
+# download uses curl or wget to download a teleport binary
+download() {
+ URL=$1
+ TMP_PATH=$2
+
+ echo "Downloading $URL"
+ if type curl &>/dev/null; then
+ set -x
+ # shellcheck disable=SC2086
+ $SUDO $CURL -o "$TMP_PATH" "$URL"
+ else
+ set -x
+ # shellcheck disable=SC2086
+ $SUDO $CURL -O "$TMP_PATH" "$URL"
+ fi
+ set +x
+}
+
+install_via_apt_get() {
+ echo "Installing Teleport v$TELEPORT_VERSION via apt-get"
+ add_apt_key
+ set -x
+ $SUDO apt-get install -y "teleport$TELEPORT_SUFFIX=$TELEPORT_VERSION"
+ set +x
+ if [ "$TELEPORT_EDITION" = "cloud" ]; then
+ set -x
+ $SUDO apt-get install -y teleport-ent-updater
+ set +x
+ fi
+}
+
+add_apt_key() {
+ APT_REPO_ID=$ID
+ APT_REPO_VERSION_CODENAME=$VERSION_CODENAME
+ IS_LEGACY=0
+
+ # check if we must use legacy .asc key
+ case "$ID" in
+ ubuntu | pop | neon | zorin)
+ if ! expr "$VERSION_ID" : "2.*" >/dev/null; then
+ IS_LEGACY=1
+ fi
+ ;;
+ debian | raspbian)
+ if [ "$VERSION_ID" -lt 11 ]; then
+ IS_LEGACY=1
+ fi
+ ;;
+ linuxmint | parrot)
+ if [ "$VERSION_ID" -lt 5 ]; then
+ IS_LEGACY=1
+ fi
+ ;;
+ elementary)
+ if [ "$VERSION_ID" -lt 6 ]; then
+ IS_LEGACY=1
+ fi
+ ;;
+ kali)
+ YEAR="$(echo "$VERSION_ID" | cut -f1 -d.)"
+ if [ "$YEAR" -lt 2021 ]; then
+ IS_LEGACY=1
+ fi
+ ;;
+ esac
+
+ if [[ "$IS_LEGACY" == 0 ]]; then
+ # set APT_REPO_ID if necessary
+ case "$ID" in
+ linuxmint | kali | elementary | pop | raspbian | neon | zorin | parrot)
+ APT_REPO_ID=$ID_LIKE
+ ;;
+ esac
+
+ # set APT_REPO_VERSION_CODENAME if necessary
+ case "$ID" in
+ linuxmint | elementary | pop | neon | zorin)
+ APT_REPO_VERSION_CODENAME=$UBUNTU_CODENAME
+ ;;
+ kali)
+ APT_REPO_VERSION_CODENAME="bullseye"
+ ;;
+ parrot)
+ APT_REPO_VERSION_CODENAME="buster"
+ ;;
+ esac
+ fi
+
+ echo "Downloading Teleport's PGP public key..."
+ TEMP_DIR=$(mktemp -d -t teleport-XXXXXXXXXX)
+ MAJOR=$(echo "$TELEPORT_VERSION" | cut -f1 -d.)
+ TELEPORT_REPO=""
+
+ CHANNEL="stable/v${MAJOR}"
+ if [ "$TELEPORT_EDITION" = "cloud" ]; then
+ CHANNEL="stable/cloud"
+ fi
+
+ if [[ "$IS_LEGACY" == 1 ]]; then
+ if ! type gpg >/dev/null; then
+ echo "Installing gnupg"
+ set -x
+ $SUDO apt-get update
+ $SUDO apt-get install -y gnupg
+ set +x
+ fi
+ TMP_KEY="$TEMP_DIR/teleport-pubkey.asc"
+ download "https://deb.releases.teleport.dev/teleport-pubkey.asc" "$TMP_KEY"
+ set -x
+ $SUDO apt-key add "$TMP_KEY"
+ set +x
+ TELEPORT_REPO="deb https://apt.releases.teleport.dev/${APT_REPO_ID?} ${APT_REPO_VERSION_CODENAME?} ${CHANNEL}"
+ else
+ TMP_KEY="$TEMP_DIR/teleport-pubkey.gpg"
+ download "https://apt.releases.teleport.dev/gpg" "$TMP_KEY"
+ set -x
+ $SUDO cp "$TMP_KEY" /usr/share/keyrings/teleport-archive-keyring.asc
+ set +x
+ TELEPORT_REPO="deb [signed-by=/usr/share/keyrings/teleport-archive-keyring.asc] https://apt.releases.teleport.dev/${APT_REPO_ID?} ${APT_REPO_VERSION_CODENAME?} ${CHANNEL}"
+ fi
+
+ set -x
+ echo "$TELEPORT_REPO" | $SUDO tee /etc/apt/sources.list.d/teleport.list >/dev/null
+ set +x
+
+ set -x
+ $SUDO apt-get update
+ set +x
+}
+
+# $1 is the value of the $ID path segment in the YUM repo URL. In
+# /etc/os-release, this is either the value of $ID or $ID_LIKE.
+install_via_yum() {
+ # shellcheck source=/dev/null
+ source /etc/os-release
+
+ # Get the major version from the version ID.
+ VERSION_ID=$(echo "$VERSION_ID" | grep -Eo "^[0-9]+")
+ TELEPORT_MAJOR_VERSION="v$(echo "$TELEPORT_VERSION" | grep -Eo "^[0-9]+")"
+
+ CHANNEL="stable/${TELEPORT_MAJOR_VERSION}"
+ if [ "$TELEPORT_EDITION" = "cloud" ]; then
+ CHANNEL="stable/cloud"
+ fi
+
+ if type dnf &>/dev/null; then
+ echo "Installing Teleport v$TELEPORT_VERSION through dnf"
+ $SUDO dnf install -y 'dnf-command(config-manager)'
+ $SUDO dnf config-manager --add-repo "$(rpm --eval "https://yum.releases.teleport.dev/$1/$VERSION_ID/Teleport/%{_arch}/$CHANNEL/teleport-yum.repo")"
+ $SUDO dnf install -y "teleport$TELEPORT_SUFFIX-$TELEPORT_VERSION"
+
+ if [ "$TELEPORT_EDITION" = "cloud" ]; then
+ $SUDO dnf install -y teleport-ent-updater
+ fi
+
+ else
+ echo "Installing Teleport v$TELEPORT_VERSION through yum"
+ $SUDO yum install -y yum-utils
+ $SUDO yum-config-manager --add-repo "$(rpm --eval "https://yum.releases.teleport.dev/$1/$VERSION_ID/Teleport/%{_arch}/$CHANNEL/teleport-yum.repo")"
+ $SUDO yum install -y "teleport$TELEPORT_SUFFIX-$TELEPORT_VERSION"
+
+ if [ "$TELEPORT_EDITION" = "cloud" ]; then
+ $SUDO yum install -y teleport-ent-updater
+ fi
+ fi
+ set +x
+}
+
+install_via_zypper() {
+ # shellcheck source=/dev/null
+ source /etc/os-release
+
+ # Get the major version from the version ID.
+ VERSION_ID=$(echo "$VERSION_ID" | grep -Eo "^[0-9]+")
+ TELEPORT_MAJOR_VERSION="v$(echo "$TELEPORT_VERSION" | grep -Eo "^[0-9]+")"
+
+ CHANNEL="stable/${TELEPORT_MAJOR_VERSION}"
+ if [ "$TELEPORT_EDITION" = "cloud" ]; then
+ CHANNEL="stable/cloud"
+ fi
+
+ $SUDO rpm --import https://zypper.releases.teleport.dev/gpg
+ $SUDO zypper addrepo --refresh --repo $(rpm --eval "https://zypper.releases.teleport.dev/$ID/$VERSION_ID/Teleport/%{_arch}/$CHANNEL/teleport-zypper.repo")
+ $SUDO zypper --gpg-auto-import-keys refresh teleport
+ $SUDO zypper install -y "teleport$TELEPORT_SUFFIX"
+
+ if [ "$TELEPORT_EDITION" = "cloud" ]; then
+ $SUDO zypper install -y teleport-ent-updater
+ fi
+
+ set +x
+}
+
+
+# download .tar.gz file via curl/wget, unzip it and run the install sript
+install_via_curl() {
+ TEMP_DIR=$(mktemp -d -t teleport-XXXXXXXXXX)
+
+ TELEPORT_FILENAME="teleport$TELEPORT_SUFFIX-v$TELEPORT_VERSION-linux-$ARCH-bin.tar.gz"
+ URL="https://cdn.teleport.dev/${TELEPORT_FILENAME}"
+ download "${URL}" "${TEMP_DIR}/${TELEPORT_FILENAME}"
+
+ TMP_CHECKSUM="${TEMP_DIR}/${TELEPORT_FILENAME}.sha256"
+ download "${URL}.sha256" "$TMP_CHECKSUM"
+
+ set -x
+ cd "$TEMP_DIR"
+ $SUDO "$SHA_COMMAND" -c "$TMP_CHECKSUM"
+ cd -
+
+ $SUDO tar -xzf "${TEMP_DIR}/${TELEPORT_FILENAME}" -C "$TEMP_DIR"
+ $SUDO "$TEMP_DIR/teleport/install"
+ set +x
+}
+
+# wrap script in a function so a partially downloaded script
+# doesn't execute
+install_teleport() {
+ # exit if not on Linux
+ if [[ $(uname) != "Linux" ]]; then
+ echo "ERROR: This script works only for Linux. Please go to the downloads page to find the proper installation method for your operating system:"
+ echo "https://goteleport.com/download/"
+ exit 1
+ fi
+
+ KERNEL_VERSION=$(uname -r)
+ MIN_VERSION="2.6.23"
+ if [ $MIN_VERSION != "$(echo -e "$MIN_VERSION\n$KERNEL_VERSION" | sort -V | head -n1)" ]; then
+ echo "ERROR: Teleport requires Linux kernel version $MIN_VERSION+"
+ exit 1
+ fi
+
+ # check if can run as admin either by running as root or by
+ # having 'sudo' or 'doas' installed
+ IS_ROOT=""
+ SUDO=""
+ if [ "$(id -u)" = 0 ]; then
+ # running as root, no need for sudo/doas
+ IS_ROOT="YES"
+ SUDO=""
+ elif type sudo &>/dev/null; then
+ SUDO="sudo"
+ elif type doas &>/dev/null; then
+ SUDO="doas"
+ fi
+
+ if [ -z "$SUDO" ] && [ -z "$IS_ROOT" ]; then
+ echo "ERROR: The installer requires a way to run commands as root."
+ echo "Either run this script as root or install sudo/doas."
+ exit 1
+ fi
+
+ # require curl/wget
+ CURL=""
+ if type curl &>/dev/null; then
+ CURL="curl -fL"
+ elif type wget &>/dev/null; then
+ CURL="wget"
+ fi
+ if [ -z "$CURL" ]; then
+ echo "ERROR: This script requires either curl or wget in order to download files. Please install one of them and try again."
+ exit 1
+ fi
+
+ # require shasum/sha256sum
+ SHA_COMMAND=""
+ if type shasum &>/dev/null; then
+ SHA_COMMAND="shasum -a 256"
+ elif type sha256sum &>/dev/null; then
+ SHA_COMMAND="sha256sum"
+ else
+ echo "ERROR: This script requires sha256sum or shasum to validate the download. Please install it and try again."
+ exit 1
+ fi
+
+ # detect distro
+ OS_RELEASE=/etc/os-release
+ ID=""
+ ID_LIKE=""
+ VERSION_CODENAME=""
+ UBUNTU_CODENAME=""
+ if [[ -f "$OS_RELEASE" ]]; then
+ # shellcheck source=/dev/null
+ . $OS_RELEASE
+ fi
+
+ # detect architecture
+ ARCH=""
+ case $(uname -m) in
+ x86_64)
+ ARCH="amd64"
+ ;;
+ i386)
+ ARCH="386"
+ ;;
+ armv7l)
+ ARCH="arm"
+ ;;
+ aarch64)
+ ARCH="arm64"
+ ;;
+ **)
+ echo "ERROR: Your system's architecture isn't officially supported or couldn't be determined."
+ echo "Please refer to the installation guide for more information:"
+ echo "https://goteleport.com/docs/installation/"
+ exit 1
+ ;;
+ esac
+
+ # select install method based on distribution
+ # if ID is debian derivate, run apt-get
+ case "$ID" in
+ debian | ubuntu | kali | linuxmint | pop | raspbian | neon | zorin | parrot | elementary)
+ install_via_apt_get
+ ;;
+ # if ID is amazon Linux 2/RHEL/etc, run yum
+ centos | rhel | amzn)
+ install_via_yum "$ID"
+ ;;
+ sles)
+ install_via_zypper
+ ;;
+ *)
+ # before downloading manually, double check if we didn't miss any debian or
+ # rh/fedora derived distros using the ID_LIKE var. Some $ID_LIKE values
+ # include multiple distro names in an arbitrary order, so evaluate the first
+ # one.
+ case "$(echo "$ID_LIKE" | awk '{print $1}')" in
+ ubuntu | debian)
+ install_via_apt_get
+ ;;
+ centos | fedora | rhel)
+ # There is no repository for "fedora", and there is no difference
+ # between the repositories for "centos" and "rhel", so pick an arbitrary
+ # one.
+ install_via_yum rhel
+ ;;
+ *)
+ if [ "$TELEPORT_EDITION" = "cloud" ]; then
+ echo "The system does not support a package manager, which is required for Teleport Enterprise Cloud."
+ exit 1
+ fi
+
+ # if ID and ID_LIKE didn't return a supported distro, download through curl
+ echo "There is no officially supported package for your package manager. Downloading and installing Teleport via curl."
+ install_via_curl
+ ;;
+ esac
+ ;;
+ esac
+
+ GREEN='\033[0;32m'
+ COLOR_OFF='\033[0m'
+
+ echo ""
+ echo -e "${GREEN}$(teleport version) installed successfully!${COLOR_OFF}"
+ echo ""
+ echo "The following commands are now available:"
+ if type teleport &>/dev/null; then
+ echo " teleport - The daemon that runs the Auth Service, Proxy Service, and other Teleport services."
+ fi
+ if type tsh &>/dev/null; then
+ echo " tsh - A tool that lets end users interact with Teleport."
+ fi
+ if type tctl &>/dev/null; then
+ echo " tctl - An administrative tool that can configure the Teleport Auth Service."
+ fi
+ if type tbot &>/dev/null; then
+ echo " tbot - Teleport Machine ID client."
+ fi
+}
+
+# The suffix is "-ent" if we are installing a commercial edition of Teleport and
+# empty for Teleport Community Edition.
+TELEPORT_SUFFIX=""
+TELEPORT_VERSION=""
+TELEPORT_EDITION=""
+if [ $# -ge 1 ] && [ -n "$1" ]; then
+ TELEPORT_VERSION=$1
+else
+ echo "ERROR: Please provide the version you want to install (e.g., 10.1.9)."
+ exit 1
+fi
+
+if ! echo "$1" | grep -qE "[0-9]+\.[0-9]+\.[0-9]+"; then
+ echo "ERROR: The first parameter must be a version number, e.g., 10.1.9."
+ exit 1
+fi
+
+if [ $# -ge 2 ] && [ -n "$2" ]; then
+ TELEPORT_EDITION=$2
+
+ case $TELEPORT_EDITION in
+ enterprise | cloud)
+ TELEPORT_SUFFIX="-ent"
+ ;;
+ # An empty edition defaults to OSS.
+ oss | "" )
+ ;;
+ *)
+ echo 'ERROR: The second parameter must be "oss", "cloud", or "enterprise".'
+ exit 1
+ ;;
+ esac
+fi
+install_teleport
diff --git a/assets/install-scripts/license-check.sh b/assets/install-scripts/license-check.sh
new file mode 100755
index 0000000000000..44927bbe7f835
--- /dev/null
+++ b/assets/install-scripts/license-check.sh
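Review bot: In `install_via_curl`, `$SUDO "$SHA_COMMAND" -c "$TMP_CHECKSUM"` quotes a variable that `install_teleport` may set to `shasum -a 256`, so on hosts where `shasum` is found the whole string is looked up as a single command name and the tarball path aborts under `set -e` before anything is verified or installed. It fails closed, but the expansion should stay unquoted the way `download` handles `$CURL`: `# shellcheck disable=SC2086` followed by `$SUDO $SHA_COMMAND -c "$TMP_CHECKSUM"`. The version check near the end of the script, `grep -qE "[0-9]+\.[0-9]+\.[0-9]+"`, is unanchored and accepts any argument that merely contains a version, while the value goes on into package names and repository URLs used with `$SUDO`; anchoring the pattern with `^` and `$` (plus an explicit pre-release suffix if those must be allowed) makes it an actual format check. `install_via_zypper` also installs `"teleport$TELEPORT_SUFFIX"` without `$TELEPORT_VERSION`, so the requested version appears to be ignored on SLES, and it ends with a `set +x` that has no matching `set -x`.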
@@ -0,0 +1,75 @@
+#!/bin/sh
+# Copyright 2024 Gravitational, Inc
+
+# This script is used to validate if a Teleport license is valid or deprecated.
+#
+# Usage: ./check-deprecated-license
+# If omited, LICENSE_PATH will be the default Teleport license file path:
+# /var/lib/teleport/license.pem
+
+# The script is wrapped inside a function to protect against the connection being interrupted
+# in the middle of the stream.
+set -eu
+
+print_invalid_license() {
+ echo "Error: Outdated License File"
+ echo ""
+ echo "This Teleport Enterprise cluster is currently using an outdated license file. To resolve this issue, please follow these steps:"
+ echo ""
+ echo "1. Navigate to https://teleport.sh/ to download your updated license file."
+ echo "2. Refer to our documentation at https://goteleport.com/r/license for detailed instructions on updating your license."
+ echo "3. If you have any questions or need assistance, please reach out to our support team at support@goteleport.com."
+ echo ""
+ echo "Thank you for using Teleport."
+}
+
+main() {
+ if [ ! -f "$LICENSE_PATH" ]; then
+ echo "License not found in $LICENSE_PATH. Please pass in a valid license path."
+ exit 1
+ fi
+
+ # Check if OpenSSL is installed
+ if ! command -v openssl >/dev/null 2>&1; then
+ echo "Error: openssl is not installed. Install it using your package manager (e.g., 'apt-get install openssl')."
+ exit 1
+ fi
+
+ START_DATE=$(openssl x509 -startdate -noout -in "$LICENSE_PATH" | sed -e "s/^notBefore=//" | sed 's/ GMT$//')
+ END_DATE=$(openssl x509 -enddate -noout -in "$LICENSE_PATH" | sed -e "s/^notAfter=//" | sed 's/ GMT$//')
+
+ if [ "$(uname)" = "Darwin" ]; then
+ START_TIMESTAMP=$(date -jf "%b %e %T %Y" "$START_DATE" "+%s")
+ END_TIMESTAMP=$(date -jf "%b %e %T %Y" "$END_DATE" "+%s")
+ JAN_1_2024_TIMESTAMP=$(date -jf "%b %e %T %Y" "Jan 1 00:00:00 2024" "+%s")
+ else
+ START_TIMESTAMP=$(date -d "$START_DATE" "+%s")
+ END_TIMESTAMP=$(date -d "$END_DATE" "+%s")
+ JAN_1_2024_TIMESTAMP=$(date -d "Jan 1 00:00:00 2024" "+%s")
+ fi
+
+ # Check if the license is issued before Jan 01 2024
+ OLDLICENSE=0
+ if [ "$START_TIMESTAMP" -lt "$JAN_1_2024_TIMESTAMP" ]; then
+ OLDLICENSE=1
+ fi
+
+ # Check license valid period
+ FOUR_YEARS_SECONDS=$((((4 * 365) + 1) * 24 * 60 * 60))
+ INTERVAL=$((END_TIMESTAMP - START_TIMESTAMP))
+
+ # Check if the license validity exceeds four years and was issued before the cutoff
+ if [ "$INTERVAL" -ge "$FOUR_YEARS_SECONDS" ] && [ "$OLDLICENSE" -eq 1 ]; then
+ print_invalid_license
+ exit 1
+ fi
+
+ echo "Your license is valid, no actions are necessary. Thank you for using Teleport."
+}
+
+LICENSE_PATH=/var/lib/teleport/license.pem
+if [ $# -ge 1 ] && [ -n "$1" ]; then
+ LICENSE_PATH=$1
+fi
+
+main
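Review bot: `main` can print "Your license is valid" for a file that `openssl x509` cannot parse: the script runs under `set -eu` with no pipefail, so a failing `openssl` leaves `START_DATE` and `END_DATE` empty with the pipeline's status taken from `sed`, and GNU `date -d ""` treats an empty string as the start of the current day, which yields an interval of 0 and a start date after the cutoff. Check the extracted values before converting them, e.g. `[ -n "$START_DATE" ] && [ -n "$END_DATE" ] || { echo "Error: could not read certificate dates from $LICENSE_PATH"; exit 1; }`. The final message reflects only the issue-date and validity-length test, so expiry and signature are not examined; wording such as "Your license does not need to be replaced" would state what was actually checked. The usage comment also names `./check-deprecated-license` while the file added here is `license-check.sh`.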