From a239f87800bcf9f528eea3925fd08c6dd96a26b8 Mon Sep 17 00:00:00 2001 From: Craig Comstock Date: Thu, 15 Jan 2026 13:25:04 -0600 Subject: [PATCH 1/3] Removed use of quickinstall script for build host setup We want to migrate the quick install script away from supporting older platforms so stop using it here where we need to support older platforms. If cf-remote doesn't work then install from source will certainly work. Ticket: ENT-13483 Changelog: none --- ci/setup-cfengine-build-host.sh | 77 ++------------------------------- 1 file changed, 3 insertions(+), 74 deletions(-) diff --git a/ci/setup-cfengine-build-host.sh b/ci/setup-cfengine-build-host.sh index afbce6495..e57c8d2fb 100755 --- a/ci/setup-cfengine-build-host.sh +++ b/ci/setup-cfengine-build-host.sh @@ -2,45 +2,6 @@ shopt -s expand_aliases thisdir="$(dirname "$0")" -# Use the newest CFEngine version we can -CFE_VERSION=3.26.0 -if [ -f /etc/centos-release ]; then - _version=$(cat /etc/centos-release | cut -d' ' -f3 | cut -d. -f1) - if [ "$_version" = "6" ]; then - CFE_VERSION=3.24.2 - fi -elif [ -f /etc/os-release ]; then - source /etc/os-release - if [ "$ID" = "debian" ]; then - if [ "$VERSION_ID" -lt "9" ]; then - echo "Platform $ID $VERSION_ID is too old." - exit 9 - fi - if [ "$VERSION_ID" -lt "11" ]; then - CFE_VERSION=3.21.7 - fi - fi - if [ "$ID" = "redhat" ] || [ "$ID" = "centos" ]; then - if [ "$VERSION_ID" -lt "6" ]; then - echo "Platform $ID $VERSION_ID is too old." - exit 9 - fi - if [ "$VERSION_ID" -lt "7" ]; then - CFE_VERSION=3.24.2 - fi - fi - if [ "$ID" = "ubuntu" ]; then - _version="$(echo "$VERSION_ID" | cut -d. -f1)" - if [ "$_version" -lt "16" ]; then - echo "Platform $ID $VERSION_ID is too old." - exit 9 - fi - if [ "$_version" -lt "20" ]; then - CFE_VERSION=3.21.7 - fi - fi -fi - # install needed packages and software for a build host set -ex if [ "$(id -u)" != "0" ]; then @@ -147,41 +108,9 @@ else fi echo "Checking for pre-installed CFEngine (chicken/egg problem)" -# We need a cf-agent to run build host setup policy and redhat-10-arm has not previous package to install. -# solution: install from source and make a custom AWS AMI image -if ! /var/cfengine/bin/cf-agent -V; then - echo "No existing CFEngine install found, try quickinstall script..." - if grep -i suse /etc/os-release; then - # need to add our public key first otherwise zypper install fails - rpm --import https://cfengine-package-repos.s3.amazonaws.com/pub/gpg.key - if grep 'VERSION.*12' /etc/os-release; then - urlget https://cfengine-package-repos.s3.amazonaws.com/enterprise/Enterprise-"$CFE_VERSION"/agent/agent_suse12_x86_64/cfengine-nova-"$CFE_VERSION"-1.suse12.x86_64.rpm - zypper install -y cfengine-nova-"$CFE_VERSION"-1.suse12.x86_64.rpm - elif grep 'VERSION.*15' /etc/os-release; then - urlget https://cfengine-package-repos.s3.amazonaws.com/enterprise/Enterprise-"$CFE_VERSION"/agent/agent_suse15_x86_64/cfengine-nova-"$CFE_VERSION"-1.suse15.x86_64.rpm - zypper install -y cfengine-nova-"$CFE_VERSION"-1.suse15.x86_64.rpm - else - echo "Unsupported suse version:" - grep VERSION /etc/os-release - exit 1 - fi - else - urlget https://s3.amazonaws.com/cfengine.packages/quick-install-cfengine-enterprise.sh - # log sha256 checksum expected and actuall for debugging purposes - echo "Expected quick install checksum: " - cat "$thisdir"/quick-install-cfengine-enterprise.sh.sha256 - echo "Actual quick install checksum: " - sha256sum quick-install-cfengine-enterprise.sh - - sha256sum --check "$thisdir"/quick-install-cfengine-enterprise.sh.sha256 - chmod +x quick-install-cfengine-enterprise.sh - export CFEngine_Enterprise_Package_Version="$CFE_VERSION" - bash ./quick-install-cfengine-enterprise.sh agent - fi -fi - +# We need a cf-agent to run build host setup policy and redhat-10-arm did not have a previous package to install. if ! /var/cfengine/bin/cf-agent -V; then - echo "quickinstall script didn't install CFEngine, try cf-remote..." + echo "No existing CFEngine install found, try cf-remote..." # try pipx first for debian as pip won't work. # If that fails to install CFEngine then try python3-pip for redhats. if software pipx; then @@ -199,7 +128,7 @@ fi if [ ! -x /var/cfengine/bin/cf-agent ]; then echo "cf-remote didn't install CFEngine, build from source..." software git - echo "quickinstall and cf-remote didn't install cf-agent, try from source" + echo "cf-remote didn't install cf-agent, try from source" CFE_VERSION=3.26.0 # need to use an actualy release which has a checksum for masterfiles download rm -rf core # just in case we are repeating the script git clone --recursive --depth 1 https://github.com/cfengine/core From 9bbda2ac76c375e2fa2b76bde638319a4537cc88 Mon Sep 17 00:00:00 2001 From: Craig Comstock Date: Thu, 15 Jan 2026 13:55:16 -0600 Subject: [PATCH 2/3] always install cf-remote because we will use it to download latest masterfiles --- ci/setup-cfengine-build-host.sh | 38 +++++++++++++++++---------------- 1 file changed, 20 insertions(+), 18 deletions(-) diff --git a/ci/setup-cfengine-build-host.sh b/ci/setup-cfengine-build-host.sh index e57c8d2fb..251ec7630 100755 --- a/ci/setup-cfengine-build-host.sh +++ b/ci/setup-cfengine-build-host.sh @@ -107,29 +107,33 @@ else exit 1 fi +echo "Installing cf-remote for possible package install and masterfiles download" +# try pipx first for debian as pip won't work. +# If that fails to install CFEngine then try python3-pip for redhats. +if software pipx; then + pipx install cf-remote + export PATH=$HOME/.local/bin:$PATH +elif software python3-pip; then + pip install cf-remote +fi +export PATH=/usr/local/bin:$PATH # add /usr/local/bin for pip/pipx installed cf-remote + +if ! command -v cf-remote; then + echo "cf-remote was not installed, it is required so exiting now" + exit 42 +fi + echo "Checking for pre-installed CFEngine (chicken/egg problem)" # We need a cf-agent to run build host setup policy and redhat-10-arm did not have a previous package to install. if ! /var/cfengine/bin/cf-agent -V; then echo "No existing CFEngine install found, try cf-remote..." - # try pipx first for debian as pip won't work. - # If that fails to install CFEngine then try python3-pip for redhats. - if software pipx; then - pipx install cf-remote - export PATH=$HOME/.local/bin:$PATH - elif software python3-pip; then - pip install cf-remote - fi - export PATH=/usr/local/bin:$PATH # add /usr/local/bin for pip/pipx installed cf-remote - if command -v cf-remote >/dev/null; then - cf-remote --log-level info --version master install --clients localhost || true - fi + cf-remote --log-level info --version master install --clients localhost || true fi if [ ! -x /var/cfengine/bin/cf-agent ]; then echo "cf-remote didn't install CFEngine, build from source..." software git echo "cf-remote didn't install cf-agent, try from source" - CFE_VERSION=3.26.0 # need to use an actualy release which has a checksum for masterfiles download rm -rf core # just in case we are repeating the script git clone --recursive --depth 1 https://github.com/cfengine/core ( @@ -139,11 +143,9 @@ if [ ! -x /var/cfengine/bin/cf-agent ]; then fi # get masterfiles -urlget https://cfengine-package-repos.s3.amazonaws.com/enterprise/Enterprise-"$CFE_VERSION"/misc/cfengine-masterfiles-"$CFE_VERSION"-1.pkg.tar.gz - -sha256sum --check "$thisdir"/cfengine-masterfiles-"$CFE_VERSION"-1.pkg.tar.gz.sha256 - -tar xf cfengine-masterfiles-"$CFE_VERSION"-1.pkg.tar.gz +rm -rf cfengine-masterfiles*tar.gz +cf-remote download masterfiles --output-dir . +tar xf cfengine-masterfiles-*tar.gz cp -a masterfiles/* /var/cfengine/inputs/ # run three times to ensure all is done From 6259270ba9e690b7f0a20d2b752342f1ab59dc19 Mon Sep 17 00:00:00 2001 From: Craig Comstock Date: Thu, 15 Jan 2026 16:11:46 -0600 Subject: [PATCH 3/3] Adjust build host setup to try pip or pip3 to install cf-remote Ticket: ENT-13483 Changelog: none --- ci/setup-cfengine-build-host.sh | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/ci/setup-cfengine-build-host.sh b/ci/setup-cfengine-build-host.sh index 251ec7630..290950d8a 100755 --- a/ci/setup-cfengine-build-host.sh +++ b/ci/setup-cfengine-build-host.sh @@ -114,7 +114,14 @@ if software pipx; then pipx install cf-remote export PATH=$HOME/.local/bin:$PATH elif software python3-pip; then - pip install cf-remote + if command -v pip; then + pip install cf-remote + elif command -v pip3; then + pip3 install cf-remote + else + echo "failure: neither pip nor pip3 seem to be available." + exit 42 + fi fi export PATH=/usr/local/bin:$PATH # add /usr/local/bin for pip/pipx installed cf-remote