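#!/bin/sh
# Netris agent / controller installer helpers.
#
# Each top-level function below installs or upgrades one kind of node:
#   host_vtep  - CloudStack / EVPN-VTEP host agent (apt based)
#   switch     - Cumulus / Ubuntu-SwitchDev switch agent (apt based)
#   sonic      - SONiC switch agent (container image + systemd unit)
#   arista     - Arista switch agent (RPM extension)
#   controller - Netris Controller on k3s
#   softgate   - SoftGate agent
#
# The functions read their settings from variables set by the caller, among
# them NETRIS_REPO_URL, DOWNLOAD_FROM_HOST, DOWNLOAD_FROM_REPO, DIST_CODE,
# DIST_VERSION, HW_NOS, NS_NODE_TYPE, NS_AUTH, NS_CONTROLLER, NS_HOSTNAME,
# NS_LO, CONTROLLER_VERSION and VERSION_MATRIX.
#
# Command output is redirected to file descriptor 6 throughout; nothing in
# these functions opens it, so the caller must have done so beforehand.
#
# NOTE(review): NS_AUTH is a credential. It is written into config files with
# default permissions and passed on command lines below; treat installer logs,
# process listings and those files accordingly.
set -e

RESET="\\033[0m"
RED="\\033[31;1m"
GREEN="\\033[32;1m"
YELLOW="\\033[33;1m"
BLUE="\\033[34;1m"
WHITE="\\033[37;1m"
GRAY="\\033[90;1m"

# Print the list of supported platforms to stderr.
print_unsupported_platform() {
  >&2 say_red "error: Sorry, but it looks like Netris is not supported on your platform."
  >&2 say_red " Currently, we support:"
  >&2 say_red " Supported CPU - X86-64 architecture"
  >&2 say_red " Supported NOS - Ubuntu 18.04/22.04 for SoftGate and Cumulus(3.7.x) / Cumulus(5.x.x) / Sonic / Ubuntu-SwitchDev Linux / Arista (Alma Linux 9) for switches."
}

# Tell the operator that a reboot is needed for switchd changes to apply.
print_reboot_required() {
  say_yellow ""
  say_yellow "ATTENTION: Switch reboot is required to apply system configuration changes"
}

# say_<colour> MESSAGE: print MESSAGE in the given colour.
# All variants except say_red stay quiet when SILENT is non-empty, and always
# return 0 so that a suppressed message cannot trip `set -e`.
say_green() {
  [ -z "${SILENT}" ] && printf "%b%s%b\\n" "${GREEN}" "$1" "${RESET}"
  return 0
}

say_red() {
  printf "%b%s%b\\n" "${RED}" "$1" "${RESET}"
}

say_yellow() {
  [ -z "${SILENT}" ] && printf "%b%s%b\\n" "${YELLOW}" "$1" "${RESET}"
  return 0
}

say_blue() {
  [ -z "${SILENT}" ] && printf "%b%s%b\\n" "${BLUE}" "$1" "${RESET}"
  return 0
}

say_white() {
  [ -z "${SILENT}" ] && printf "%b%s%b\\n" "${WHITE}" "$1" "${RESET}"
  return 0
}

say_gray() {
  [ -z "${SILENT}" ] && printf "%b%s%b\\n" "${GRAY}" "$1" "${RESET}"
  return 0
}

# Escape a value for use in the replacement half of a sed `s|...|...|`
# command: backslash, `&` (whole-match reference) and the `|` delimiter would
# otherwise be interpreted by sed instead of being written literally.
# Arguments: $1 - raw value
# Outputs:   escaped value on stdout
sed_escape_replacement() {
  printf '%s' "$1" | sed -e 's/[\\&|]/\\&/g'
}

# Install or upgrade the CloudStack / EVPN-VTEP host agent on Ubuntu "noble".
# Globals read: DIST_CODE, NS_NODE_TYPE, NETRIS_REPO_URL, DOWNLOAD_FROM_REPO,
#               NS_AUTH, NS_CONTROLLER, NS_LO, NS_HOSTNAME
# Globals set:  VTEP_AGENT_NAME, VTEP_AGENT_DESC, STAGE, OLD_HOSTNAME
# The one-time configuration step is guarded by /opt/netris/installer.lock.
host_vtep() {
  if [ "$DIST_CODE" != "noble" ]; then
    print_unsupported_platform
    exit 1
  fi

  if [ "$NS_NODE_TYPE" = "acs_hyper" ]; then
    VTEP_AGENT_NAME="cloudstack"
    VTEP_AGENT_DESC="CloudStack"
  elif [ "$NS_NODE_TYPE" = "evpn_vtep" ]; then
    VTEP_AGENT_NAME="evpn-vtep"
    VTEP_AGENT_DESC="EVPN-VTEP"
  fi

  STAGE=""
  if ! command -v "/opt/netris/bin/netris-${VTEP_AGENT_NAME}-agent" >&6; then
    say_blue "=== Installing Netris-${VTEP_AGENT_DESC} Agent ==="
    STAGE="install"
  else
    say_blue "=== Upgrading Netris-${VTEP_AGENT_DESC} Agent ==="
    STAGE="upgrade"
  fi

  say_white "+ Configuring the Netris repository..."
  # NOTE(review): the signing key is fetched with whatever scheme
  # NETRIS_REPO_URL carries. With an http:// URL (the value this script
  # compares against below) nothing authenticates the key, so the repository
  # signature check gives no protection against an on-path substitution.
  # apt-key is also deprecated; a dedicated keyring referenced with
  # `signed-by=` in the sources entry limits the key to this repository.
  # shellcheck disable=SC2046
  # https://github.com/koalaman/shellcheck/wiki/SC2046
  # Disable to allow the `--silent` option to be omitted.
  if wget -qO - "${NETRIS_REPO_URL}/public.key" | sudo apt-key add - >&6 2>&1; then
    echo "deb ${NETRIS_REPO_URL}/ ${DIST_CODE} ${DOWNLOAD_FROM_REPO}" | sudo tee /etc/apt/sources.list.d/netris.list >&6
    say_white "+ Updating list of available packages"
    if [ "$NETRIS_REPO_URL" = "http://repo.netris.ai/repo" ]; then
      sudo apt-get update >&6 2>&1
    else
      # Custom repository: refresh only the Netris source list.
      sudo apt-get update -o Dir::Etc::sourcelist="sources.list.d/netris.list" -o Dir::Etc::sourceparts="-" -o APT::Get::List-Cleanup="0" >&6 2>&1
    fi
    # NOTE(review): purging unattended-upgrades turns off automatic security
    # updates on this host; patching then has to be handled some other way.
    # NOTE(review): sudo's default env_reset may drop DEBIAN_FRONTEND before
    # apt sees it - confirm against the target sudoers policy.
    DEBIAN_FRONTEND=noninteractive sudo apt purge unattended-upgrades -y >&6 2>&1 || echo > /dev/null
    DEBIAN_FRONTEND=noninteractive sudo apt purge needrestart -y >&6 2>&1 || echo > /dev/null

    if [ ! -f /opt/netris/installer.lock ]; then
      say_gray " * Proceeding with the new version of netris config files"
      DEBIAN_FRONTEND=noninteractive sudo apt-get -o Dpkg::Options::="--force-confnew" install "netris-${VTEP_AGENT_NAME}-agent" -y --allow-downgrades >&6 2>&1
    elif [ -f /opt/netris/installer.lock ]; then
      say_gray " * Proceeding with the current version of netris config files"
      DEBIAN_FRONTEND=noninteractive sudo apt-get -o Dpkg::Options::="--force-confold" install "netris-${VTEP_AGENT_NAME}-agent" -y --allow-downgrades >&6 2>&1
    fi

    if [ ! -f /opt/netris/installer.lock ]; then
      say_white "+ Configuring Netris-${VTEP_AGENT_DESC} Agent"
      config_file="/opt/netris/etc/netris.conf"
      temp_file="${config_file}.tmp"
      # Escape the values first: an auth key or address containing `|`, `&`
      # or a backslash would otherwise corrupt netris.conf or break sed.
      auth_repl=$(sed_escape_replacement "$NS_AUTH")
      controller_repl=$(sed_escape_replacement "$NS_CONTROLLER")
      # NOTE(review): tee copies the rewritten file, auth key included, to
      # fd 6 - make sure that descriptor is not a shared log.
      sed -e "s|^auth_key=.*$|auth_key=${auth_repl}|" -e "s|^address=.*$|address=${controller_repl}|" -e "s|^server_address=.*$|server_address=${controller_repl}|" "$config_file" | sudo tee "$temp_file" >&6 2>&1
      sudo mv "$temp_file" "$config_file"
      say_gray " + Applying changes to netris.conf"
      sudo ip add add "$NS_LO/32" dev lo >&6 2>&1 || echo > /dev/null
      say_gray " + Setting up loopback IP address"
      sudo cp /opt/netris/scripts/collectd.conf /etc/collectd/collectd.conf
      # NOTE(review): the search pattern here is empty. sed rejects an empty
      # regex when there is no previous one, so under `set -e` this line
      # aborts the install. The placeholder token that collectd.conf uses
      # looks to have been lost from this listing - restore it from the
      # upstream script before running.
      sudo sed -i "s//${NS_CONTROLLER}/" /etc/collectd/collectd.conf
      sudo systemctl restart collectd.service
      say_gray " + Configuring the collectd service"
      OLD_HOSTNAME=$(hostname)
      sudo hostnamectl set-hostname "$NS_HOSTNAME"
      # NOTE(review): both hostnames are used as raw sed regex/replacement
      # text, so dots in the old name match any character.
      sudo sed -i "s/$OLD_HOSTNAME/$NS_HOSTNAME/g" /etc/hosts
      say_gray " + Hostname is set"
      sudo touch /opt/netris/installer.lock
    elif [ -f /opt/netris/installer.lock ]; then
      say_yellow "- Configuring Netris-${VTEP_AGENT_DESC} Agent Step was skipped"
      say_yellow " If you want to reconfigure the agent configs, please delete the '/opt/netris/installer.lock' file."
    fi

    if sudo test -f /etc/frr/daemons && sudo grep '^bgpd=no' /etc/frr/daemons >&6 2>&1; then
      say_gray "+ Enabling bgpd in FRR"
      sudo sed -i '/bgpd=no/c\bgpd=yes' /etc/frr/daemons
      say_gray "+ Restarting FRR service"
      sudo systemctl restart frr
    fi

    # Enable preserve_hostname in cloudinit
    ## Check if /etc/cloud/cloud.cfg file exists, and it contains "preserve_hostname: false"
    ### Replace preserve_hostname: false to preserve_hostname: true
    if sudo test -f /etc/cloud/cloud.cfg && sudo grep '^preserve_hostname: false' /etc/cloud/cloud.cfg >&6 2>&1; then
      sudo sed -i '/preserve_hostname: false/c\preserve_hostname: true' /etc/cloud/cloud.cfg
    fi
    ## The same for the /etc/cloud/cloud.cfg.d/91-cloud-config.cfg file
    if sudo test -f /etc/cloud/cloud.cfg.d/91-cloud-config.cfg && sudo grep '^preserve_hostname: false' /etc/cloud/cloud.cfg.d/91-cloud-config.cfg >&6 2>&1; then
      sudo sed -i '/preserve_hostname: false/c\preserve_hostname: true' /etc/cloud/cloud.cfg.d/91-cloud-config.cfg
    fi

    ## If CloudStack
    if [ "$NS_NODE_TYPE" = "acs_hyper" ]; then
      ## Check if /etc/systemd/networkd.conf file exists, and it contains "#ManageForeignRoutingPolicyRules=yes"
      ### Replace #ManageForeignRoutingPolicyRules=yes to ManageForeignRoutingPolicyRules=no
      if sudo test -f /etc/systemd/networkd.conf && sudo grep '^#ManageForeignRoutingPolicyRules=yes' /etc/systemd/networkd.conf >&6 2>&1; then
        sudo sed -i '/#ManageForeignRoutingPolicyRules=yes/c\ManageForeignRoutingPolicyRules=no' /etc/systemd/networkd.conf
      fi
      ## Check if /etc/systemd/networkd.conf file exists, and it contains "#ManageForeignRoutes=yes"
      ### Replace #ManageForeignRoutes=yes to ManageForeignRoutes=no
      if sudo test -f /etc/systemd/networkd.conf && sudo grep '^#ManageForeignRoutes=yes' /etc/systemd/networkd.conf >&6 2>&1; then
        sudo sed -i '/#ManageForeignRoutes=yes/c\ManageForeignRoutes=no' /etc/systemd/networkd.conf
      fi
      ## Check if /etc/systemd/networkd.conf file exists, and it contains "#ManageForeignNextHops=yes"
      ### Replace #ManageForeignNextHops=yes to ManageForeignNextHops=no
      if sudo test -f /etc/systemd/networkd.conf && sudo grep '^#ManageForeignNextHops=yes' /etc/systemd/networkd.conf >&6 2>&1; then
        sudo sed -i '/#ManageForeignNextHops=yes/c\ManageForeignNextHops=no' /etc/systemd/networkd.conf
      fi
    fi
  else
    >&2 say_red "error: failed to config the Netris repository"
    exit 1
  fi

  say_blue
  if [ "$STAGE" = "install" ]; then
    say_gray "+ Enabling Forwarding on the host"
    # NOTE(review): rp_filter=0 switches off reverse-path (source address)
    # filtering on all interfaces; anti-spoofing then has to be enforced
    # elsewhere in the fabric.
    echo "net.ipv4.ip_forward=1" | sudo tee /etc/sysctl.d/99-netris.conf >&6
    echo "net.ipv4.conf.all.forwarding=1" | sudo tee -a /etc/sysctl.d/99-netris.conf >&6
    echo "net.ipv6.conf.all.forwarding=1" | sudo tee -a /etc/sysctl.d/99-netris.conf >&6
    echo "net.ipv4.conf.default.rp_filter=0" | sudo tee -a /etc/sysctl.d/99-netris.conf >&6
    echo "net.ipv4.conf.all.rp_filter=0" | sudo tee -a /etc/sysctl.d/99-netris.conf >&6
    sudo sysctl -p /etc/sysctl.d/99-netris.conf
    say_gray "+ Starting Netris-${VTEP_AGENT_DESC} Agent service"
    sudo systemctl start "netris-${VTEP_AGENT_NAME}-agent.service"
    # Wait for network-manager.conf to be created
    # NOTE(review): there is no timeout; if the agent never writes the file
    # the installer waits forever.
    say_gray "+++ Waiting for Netris agent to generate initial configuration"
    while [ ! -f "/opt/netris/etc/network-manager.conf" ]; do
      sleep 5
    done
    say_gray "+++ Configuration file created, continuing"
    say_blue "=== Netris-${VTEP_AGENT_DESC} Agent is now installed! ==="
    say_white
    say_yellow "ATTENTION: You must reboot the Server to complete the installation"
    say_white
  elif [ "$STAGE" = "upgrade" ]; then
    say_gray "+ Restarting Netris-${VTEP_AGENT_DESC} Agent service"
    sudo systemctl restart "netris-${VTEP_AGENT_NAME}-agent.service"
    say_blue "=== Netris-${VTEP_AGENT_DESC} Agent is updated! ==="
  fi
}

# Install or upgrade the Netris switch agent through apt.
# Rejects DIST_CODE focal, jammy and noble.
# Globals read: DIST_CODE, DIST_VERSION, HW_NOS, CUMULUS, CONTROLLER_VERSION,
#               NETRIS_REPO_URL, DOWNLOAD_FROM_REPO, NS_AUTH, NS_CONTROLLER,
#               NS_HOSTNAME, NS_LO
# Globals set:  STAGE, NETRIS_SW, SW_ASIC
# netris-setup runs only while /opt/netris/installer.lock is absent.
switch() {
  if [ "$DIST_CODE" = "focal" ] || [ "$DIST_CODE" = "jammy" ] || [ "$DIST_CODE" = "noble" ]; then
    print_unsupported_platform
    exit 1
  fi

  STAGE=""
  if ! command -v /opt/netris/bin/vxpd >&6 && ! command -v /opt/netris/bin/vxpd-nvue >&6; then
    say_blue "=== Installing Netris-Switch Agent ==="
    STAGE="install"
  else
    say_blue "=== Upgrading Netris-Switch Agent ==="
    STAGE="upgrade"
  fi

  say_white "+ Configuring the Netris repository..."
  # NOTE(review): same key-trust concern as in host_vtep - a key fetched over
  # plain http authenticates nothing.
  if wget -qO - "${NETRIS_REPO_URL}/public.key" | sudo apt-key add - >&6 2>&1; then
    echo "deb ${NETRIS_REPO_URL}/ ${DIST_CODE} ${DOWNLOAD_FROM_REPO}" | sudo tee /etc/apt/sources.list.d/netris.list >&6
    if [ "$DIST_VERSION" = "ubuntu18.04" ]; then
      echo iptables-persistent iptables-persistent/autosave_v4 boolean true | sudo debconf-set-selections
      echo iptables-persistent iptables-persistent/autosave_v6 boolean true | sudo debconf-set-selections
    fi

    # If cumulus 3.7
    ## import new PGP key
    # NOTE(review): this key is also downloaded over plain http and added to
    # the system-wide apt keyring; verify its fingerprint out of band.
    if [ "$DIST_VERSION" = "cumulus3.7" ]; then
      wget -qO - http://repo3.cumulusnetworks.com/public-key/repo3-2023-key | sudo apt-key add - >&6 2>&1
    fi

    say_white "+ Updating list of available packages"
    if [ "$NETRIS_REPO_URL" = "http://repo.netris.ai/repo" ]; then
      sudo apt-get update >&6 2>&1
    else
      sudo apt-get update -o Dir::Etc::sourcelist="sources.list.d/netris.list" -o Dir::Etc::sourceparts="-" -o APT::Get::List-Cleanup="0" >&6 2>&1
    fi

    say_white "+ Installing Netris agent package and dependencies, it may take a few minutes"
    # identify Cumulus Agent
    NETRIS_SW="netris-sw"
    if [ "$HW_NOS" = "cumulus_nvue" ]; then
      NETRIS_SW="netris-nvue-sw"
    fi

    # The trailing `*` in the version is quoted so that apt, not the shell,
    # expands it.
    if [ ! -f /opt/netris/installer.lock ]; then
      say_gray " * Proceeding with the new version of netris config files"
      if [ -n "$CONTROLLER_VERSION" ] && [ "$DIST_VERSION" = "cumulus3.7" ]; then
        DEBIAN_FRONTEND=noninteractive sudo apt-get -o Dpkg::Options::="--force-confnew" install "${NETRIS_SW}=${CONTROLLER_VERSION}*" -y >&6 2>&1
      elif [ -n "$CONTROLLER_VERSION" ]; then
        DEBIAN_FRONTEND=noninteractive sudo apt-get -o Dpkg::Options::="--force-confnew" install "${NETRIS_SW}=${CONTROLLER_VERSION}*" -y --allow-downgrades >&6 2>&1
      else
        DEBIAN_FRONTEND=noninteractive sudo apt-get -o Dpkg::Options::="--force-confnew" install "${NETRIS_SW}" -y >&6 2>&1
      fi
      say_white "+ Initialize the Switch"
      # NOTE(review): the auth key is passed as a command-line argument and
      # is therefore visible in the process list while netris-setup runs.
      sudo /opt/netris/bin/netris-setup --auth="$NS_AUTH" --controller="$NS_CONTROLLER" --hostname="$NS_HOSTNAME" --lo="$NS_LO"
    elif [ -f /opt/netris/installer.lock ]; then
      say_gray " * Proceeding with the current version of netris config files"
      if [ -n "$CONTROLLER_VERSION" ] && [ "$DIST_VERSION" = "cumulus3.7" ]; then
        DEBIAN_FRONTEND=noninteractive sudo apt-get -o Dpkg::Options::="--force-confold" install "${NETRIS_SW}=${CONTROLLER_VERSION}*" -y >&6 2>&1
      elif [ -n "$CONTROLLER_VERSION" ]; then
        DEBIAN_FRONTEND=noninteractive sudo apt-get -o Dpkg::Options::="--force-confold" install "${NETRIS_SW}=${CONTROLLER_VERSION}*" -y --allow-downgrades >&6 2>&1
      else
        DEBIAN_FRONTEND=noninteractive sudo apt-get -o Dpkg::Options::="--force-confold" install "${NETRIS_SW}" -y >&6 2>&1
      fi
      say_yellow "- Initialize the Switch Step was skipped"
      say_yellow " If you want to reinitialize the device setup process, please delete the '/opt/netris/installer.lock' file."
    fi

    if [ "$STAGE" = "install" ] && [ "$DIST_VERSION" = "ubuntu18.04" ]; then
      sudo ifreload -a >&6 2>&1
      sudo systemctl restart frr >&6
      sudo /opt/netris/bin/vxpd >&6 2>&1 || echo > /dev/null
    fi
  else
    >&2 say_red "error: failed to config the Netris repository"
    exit 1
  fi

  # Check the CONTROLLER_VERSION is set and if Cumulus is 5.x.x and "$HW_NOS" != "cumulus_nvue"
  if [ -n "$CONTROLLER_VERSION" ] && [ "$DIST_VERSION" = "cumulus5" ] && [ "$HW_NOS" != "cumulus_nvue" ]; then
    # If CONTROLLER_VERSION version is NOT equal to 3.*.*
    ## Check if /etc/cumulus/switchd.conf file exists, and it doesn't contain "evpn.multihoming.enable=TRUE" (whitespaces excluded)
    ### If the file contains line with '*evpn.multihoming.enable*' replace it with evpn.multihoming.enable=TRUE
    ### Else append the file with evpn.multihoming.enable=TRUE line
    if [ -n "${CONTROLLER_VERSION##3.*.*}" ]; then
      if sudo test -f /etc/cumulus/switchd.conf && ! cat /etc/cumulus/switchd.conf |tr -d ' '| grep '^evpn.multihoming.enable=TRUE' >&6 2>&1; then
        if sudo grep 'evpn.multihoming.enable' /etc/cumulus/switchd.conf >&6 2>&1; then
          sudo sed -i 's/.*evpn.multihoming.enable.*/evpn.multihoming.enable=TRUE/' /etc/cumulus/switchd.conf
          print_reboot_required
        else
          echo 'evpn.multihoming.enable=TRUE' | sudo tee -a /etc/cumulus/switchd.conf >&6
          print_reboot_required
        fi
      fi
    fi
  fi

  # Check if CUMULUS
  if [ "$CUMULUS" = "true" ]; then
    SW_ASIC=""
    # Check if net command is exists
    ## If yes - get the ASIC info
    if command -v net >&6; then
      SW_ASIC=$(sudo net show system |grep -w ASIC || echo > /dev/null)
    fi
    # Parse SW_ASIC var
    case $SW_ASIC in
      *"Spectrum"*) SW_ASIC="Spectrum";;
    esac
    # If SW_ASIC is equal to Spectrum and "$HW_NOS" != "cumulus_nvue"
    ## Check if /etc/cumulus/switchd.conf file exists, and it doesn't contain "acl.non_atomic_update_mode=FALSE" (whitespaces excluded)
    ### If the file contains line with '*acl.non_atomic_update_mode*' replace it with acl.non_atomic_update_mode=FALSE
    ### Else append the file with acl.non_atomic_update_mode=FALSE line
    if [ "$SW_ASIC" = "Spectrum" ] && [ "$HW_NOS" != "cumulus_nvue" ]; then
      if sudo test -f /etc/cumulus/switchd.conf && ! cat /etc/cumulus/switchd.conf |tr -d ' '| grep '^acl.non_atomic_update_mode=FALSE' >&6 2>&1; then
        if sudo grep 'acl.non_atomic_update_mode' /etc/cumulus/switchd.conf >&6 2>&1; then
          sudo sed -i 's/.*acl.non_atomic_update_mode.*/acl.non_atomic_update_mode=FALSE/' /etc/cumulus/switchd.conf
          print_reboot_required
        else
          echo 'acl.non_atomic_update_mode=FALSE' | sudo tee -a /etc/cumulus/switchd.conf >&6
          print_reboot_required
        fi
      fi
    fi
  fi

  # Check the CONTROLLER_VERSION is set
  if [ -n "$CONTROLLER_VERSION" ]; then
    # Check if CONTROLLER_VERSION version is NOT equal to 3.*.*
    ## Check if /etc/collectd/xc_types.db file exists, and it doesn't contain "if_optic rx1'"
    ### Append appropriate line
    if [ -n "${CONTROLLER_VERSION##3.*.*}" ]; then
      if sudo test -f /etc/collectd/xc_types.db && ! grep '^if_optic rx1' /etc/collectd/xc_types.db >&6 2>&1; then
        echo 'if_optic rx1:GAUGE:-5000:5000, tx1:GAUGE:-5000:5000, rx2:GAUGE:-5000:5000, tx2:GAUGE:-5000:5000, rx3:GAUGE:-5000:5000, tx3:GAUGE:-5000:5000, rx4:GAUGE:-5000:5000, tx4:GAUGE:-5000:5000' | sudo tee -a /etc/collectd/xc_types.db >&6
      fi
    fi
  fi

  say_blue
  if [ "$STAGE" = "install" ]; then
    say_blue "=== Netris-Switch Agent is now installed! ==="
  elif [ "$STAGE" = "upgrade" ]; then
    say_blue "=== Netris-Switch Agent is upgraded! ==="
  fi
}

# Install or upgrade the Netris agent on a SONiC switch.
# Globals read: NS_NODE_TYPE, NS_AUTH, NS_CONTROLLER, NS_HOSTNAME, NS_LO,
#               VERSION_MATRIX, CONTROLLER_VERSION, DOWNLOAD_FROM_HOST,
#               NETRIS_REPO_URL, SONIC_IMAGE_TAG, DELL_SONIC_IMAGE_REPOSITORY,
#               ES_SONIC_IMAGE_REPOSITORY
# Globals set:  STAGE, SUDO, DELL, SONIC_VENDOR, HW_NOS, SONIC_IMAGE_REPOSITORY,
#               SONIC_IMAGE_TAG
#
# NOTE(review): every download below uses `curl -k`, which disables TLS
# certificate verification, and the downloaded files are then run as root
# (netris.sh, patch.bin) or installed as a systemd unit. Nothing checks their
# integrity. Prefer a trusted CA bundle (`--cacert`) and a published checksum
# or signature for each artefact. `-f` is set so that an HTTP error page is
# never saved in place of the expected file.
sonic() {
  STAGE=""
  if ! command -v /opt/netris/netris.sh >&6; then
    say_blue "=== Installing Netris-Switch Agent ==="
    STAGE="install"
  else
    say_blue "=== Upgrading Netris-Switch Agent ==="
    STAGE="upgrade"
  fi

  # --- use sudo if we are not already root ---
  SUDO=sudo
  if [ "$(id -u)" -eq 0 ]; then
    SUDO=
  fi

  $SUDO mkdir -p /opt/netris/scripts

  # identify SONiC provider
  # Both "dell" and "broadcom" product strings select the Dell code path.
  DELL=0
  SONIC_VENDOR=$(show version | grep Product 2>&6 || echo)
  SONIC_VENDOR=$(echo $SONIC_VENDOR | tr '[:upper:]' '[:lower:]')
  if [ -n "$SONIC_VENDOR" ]; then
    if [ -z "${SONIC_VENDOR##*dell*}" ]; then
      DELL=1
    elif [ -z "${SONIC_VENDOR##*broadcom*}" ]; then
      DELL=1
    fi
  fi

  HW_NOS="old_ec_sonic"
  OLD_SONIC_IMAGE_TAG=$SONIC_IMAGE_TAG
  # change repo address in case vendor is dell
  if [ "$DELL" -eq 1 ]; then
    SONIC_IMAGE_REPOSITORY=$DELL_SONIC_IMAGE_REPOSITORY
    HW_NOS="dell_sonic"
  elif [ "$NS_NODE_TYPE" = "switch" ]; then
    SONIC_IMAGE_REPOSITORY=$ES_SONIC_IMAGE_REPOSITORY
    HW_NOS="ec_sonic"
  fi

  # VERSION_MATRIX rows are "os|controller_version|tag"; take the first match.
  SONIC_IMAGE_TAG=$(echo "$VERSION_MATRIX" | awk -F'|' -v os="$HW_NOS" -v ctl="$CONTROLLER_VERSION" '$1 == os && $2 == ctl {print $3; exit}')
  if [ "$HW_NOS" = "old_ec_sonic" ]; then
    SONIC_IMAGE_TAG=$OLD_SONIC_IMAGE_TAG
  else
    # If no match found, exit with error
    if [ -z "$SONIC_IMAGE_TAG" ]; then
      print_unsupported_platform
      exit 1
    fi
  fi

  say_gray "+++ Setting netris environment variables +++"
  # NOTE(review): variables.env holds the auth key and is created with the
  # default umask; restrict it to root if nothing else needs to read it.
  cat << EOF | $SUDO tee /opt/netris/variables.env >&6
# Host system
USER=root
CONTAINER_NAME=netris
NETRIS_PUB_KEY=/\$USER/.ssh/netris_key.pub
AUTHORIZED_KEYS=/\$USER/.ssh/authorized_keys
IMAGE_NAME=${SONIC_IMAGE_REPOSITORY}:${SONIC_IMAGE_TAG}
# App inside container
AUTH_KEY=$NS_AUTH
CONTROLLER=$NS_CONTROLLER
EOF

  say_gray "+++ Getting the latest version of netris tech support script +++"
  $SUDO curl -fsSk "${DOWNLOAD_FROM_HOST}/sonic/netris-tech-support.sh" -o /opt/netris/scripts/netris-tech-support.sh
  $SUDO chmod +x /opt/netris/scripts/netris-tech-support.sh

  if [ "$STAGE" = "install" ]; then
    if [ "$NS_NODE_TYPE" = "switch" ] && [ "$DELL" -eq 0 ]; then
      # new ES-Sonic
      say_gray "+++ Installing scripts into /opt/netris directory +++"
      $SUDO curl -fsSk "${DOWNLOAD_FROM_HOST}/essonic/patches.tar" -o /opt/netris/patches.tar
      # $SUDO is needed here as well: /opt/netris was created through $SUDO,
      # so an unprivileged caller cannot extract into it or patch the system
      # Python packages.
      $SUDO tar -xf /opt/netris/patches.tar -C /opt/netris/
      $SUDO chmod +x /opt/netris/patches/patch.bin
      $SUDO curl -fsSk "${DOWNLOAD_FROM_HOST}/essonic/netris.sh" -o /opt/netris/netris.sh
      $SUDO chmod +x /opt/netris/netris.sh
      $SUDO curl -fsSk "${DOWNLOAD_FROM_HOST}/essonic/netris.service" -o /etc/systemd/system/netris.service
      say_gray "+++ Applying ntp patches +++"
      # Patch failures are reported but do not abort the install.
      set +e
      err=$($SUDO /opt/netris/patches/patch.bin -N -u /usr/local/lib/python3.9/dist-packages/config/main.py < /opt/netris/patches/ntp/config.main.patch 2>&1)
      if [ $? -ne 0 ]; then
        say_red "$err"
      fi
      err=$($SUDO /opt/netris/patches/patch.bin -N -u /usr/local/lib/python3.9/dist-packages/utilities_common/cli.py < /opt/netris/patches/ntp/utilities_common.cli.patch 2>&1)
      if [ $? -ne 0 ]; then
        say_red "$err"
      fi
      set -e
      say_gray "+++ Enabling netris.service +++"
      $SUDO systemctl enable netris.service 2>&6
      say_gray "+++ Setting system parameters +++"
      $SUDO config interface ip add Loopback "$NS_LO/32"
      $SUDO config hostname "$NS_HOSTNAME"
      $SUDO config save -y
    elif [ "$DELL" -eq 0 ]; then
      # OLD EdgeCore
      say_gray "+++ Installing scripts into /opt/netris directory +++"
      $SUDO curl -fsSk "${DOWNLOAD_FROM_HOST}/sonic/netris.sh" -o /opt/netris/netris.sh
      $SUDO chmod +x /opt/netris/netris.sh
      $SUDO curl -fsSk "${DOWNLOAD_FROM_HOST}/sonic/netris.service" -o /etc/systemd/system/netris.service
      say_gray "+++ Enabling netris.service +++"
      $SUDO systemctl enable netris.service 2>&6
      say_gray "+++ Setting system parameters +++"
      $SUDO /usr/local/bin/sonic-cfggen -H -p "/usr/share/sonic/device/$(show platform summary | awk '$1 == "Platform:" {print $2}')/platform.json" -k "$(show platform summary | awk '$1 == "HwSKU:" {print $2}')" -j /etc/sonic/init_cfg.json --print-data | $SUDO tee /etc/sonic/config_db.json >&6
      # The edited config is staged in a private mktemp file rather than a
      # fixed name under /tmp, which another local user could pre-create or
      # symlink before root copies it over config_db.json. Values are handed
      # to jq with --arg so they are treated as data, not as part of the
      # jq program.
      tmp_cfg=$(mktemp)
      mgmt_cidr=$(ip address show eth0 | grep "inet\ " | awk '{ print $2 }')
      default_gw=$(ip route show | grep default | awk '{ print $3 }')
      $SUDO jq \
        --arg hostname "$NS_HOSTNAME" \
        --arg lo_key "Loopback0|${NS_LO}/32" \
        --arg mgmt_key "eth0|${mgmt_cidr}" \
        --arg gwaddr "$default_gw" \
        '.DEVICE_METADATA.localhost.hostname = $hostname
          | .DEVICE_METADATA.localhost.type = "LeafRouter"
          | .DEVICE_METADATA.localhost.docker_routing_config_mode = "split"
          | .LOOPBACK_INTERFACE[$lo_key] = {}
          | .MGMT_INTERFACE[$mgmt_key].gwaddr = $gwaddr
          | .FEATURE.nat.state = "disabled"
          | .FEATURE.sflow.state = "disabled"
          | .FEATURE.snmp.state = "disabled"
          | .FEATURE.netris.auto_restart = "enabled"
          | .FEATURE.netris.has_global_scope = "True"
          | .FEATURE.netris.has_per_asic_scope = "False"
          | .FEATURE.netris.has_timer = "False"
          | .FEATURE.netris.high_mem_alert = "disabled"
          | .FEATURE.netris.state = "enabled"' \
        /etc/sonic/config_db.json > "$tmp_cfg" || { rm -f "$tmp_cfg"; exit 1; }
      $SUDO cp "$tmp_cfg" /etc/sonic/config_db.json
      rm -f "$tmp_cfg"
      # NOTE(review): presumably caclmgrd is SONiC's control-plane ACL
      # service; if so, management-plane filtering must be provided some
      # other way once it is disabled - confirm.
      $SUDO /usr/bin/systemctl disable caclmgrd 2>&6
      $SUDO /usr/bin/systemctl stop caclmgrd 2>&6
    else
      # Dell
      say_gray "+++ Installing scripts into /opt/netris directory +++"
      $SUDO curl -fsSk "${DOWNLOAD_FROM_HOST}/dellsonic/netris.sh" -o /opt/netris/netris.sh
      $SUDO chmod +x /opt/netris/netris.sh
      $SUDO curl -fsSk "${DOWNLOAD_FROM_HOST}/dellsonic/netris.service" -o /etc/systemd/system/netris.service
      say_gray "+++ Enabling netris.service +++"
      $SUDO systemctl enable netris.service 2>&6
      say_gray "+++ Setting system parameters +++"
      /usr/bin/sonic-cli -c "configure terminal" -c "hostname ${NS_HOSTNAME}"
      /usr/bin/sonic-cli -c "configure terminal" -c "interface Loopback0" -c "ip address ${NS_LO}/32"
      /usr/bin/sonic-cli -c "write memory"
    fi
  fi

  if [ "$NETRIS_REPO_URL" != "http://repo.netris.ai/repo" ]; then
    if [ "$DELL" -eq 1 ]; then
      say_gray "+++ Downloading Dell-Sonic docker images from local registry +++"
      $SUDO curl -fsSk "${DOWNLOAD_FROM_HOST}/dellsonic/dell-sonic.tar.gz" -o /opt/netris/dell-sonic.tar.gz
      say_gray "+++ Decompressing dell-sonic.tar.gz +++"
      $SUDO gunzip -f /opt/netris/dell-sonic.tar.gz || { say_red "Failed to decompress /opt/netris/dell-sonic.tar.gz"; exit 1; }
      say_gray "+++ Loading image from dell-sonic.tar... +++"
      docker load -i /opt/netris/dell-sonic.tar || { say_red "Failed to load image"; exit 1; }
    fi
  else
    say_gray "+++ Pulling the latest netris image +++"
    # Repository and tag are passed as positional parameters so they are not
    # re-parsed by the inner shell; three attempts, 3 s apart.
    if ! $SUDO sh -c 'SONIC_IMAGE_REPOSITORY="$1" SONIC_IMAGE_TAG="$2" && for eachattempt in $(seq 1 3);do docker pull "$SONIC_IMAGE_REPOSITORY":"$SONIC_IMAGE_TAG" && exit 0 || sleep 3;done;exit 1' _ "$SONIC_IMAGE_REPOSITORY" "$SONIC_IMAGE_TAG"; then
      say_red "Docker pull command failed after 3 attempts"
      exit 1
    fi
  fi

  if [ "$STAGE" = "upgrade" ]; then
    # new ec-sonic upgrade
    if [ "$NS_NODE_TYPE" = "switch" ] && [ "$DELL" -eq 0 ]; then
      $SUDO curl -fsSk "${DOWNLOAD_FROM_HOST}/essonic/netris.sh" -o /opt/netris/netris.sh
      $SUDO chmod +x /opt/netris/netris.sh
      $SUDO curl -fsSk "${DOWNLOAD_FROM_HOST}/essonic/netris.service" -o /etc/systemd/system/netris.service
      say_gray "+++ Enabling netris.service +++"
      $SUDO systemctl daemon-reload 2>&6
      $SUDO systemctl enable netris.service 2>&6
    fi
    say_gray "+++ Restarting netris.service +++"
    $SUDO systemctl restart netris.service >&6
  fi

  say_blue
  if [ "$STAGE" = "install" ]; then
    say_blue "=== Netris-Switch Agent is installed! ==="
    say_white
    say_yellow "ATTENTION: You must reboot the Switch to complete the installation"
    say_white
  elif [ "$STAGE" = "upgrade" ]; then
    say_blue "=== Netris-Switch Agent is updated! ==="
  fi
}

# Install or upgrade the Netris agent extension on an Arista switch.
# Globals read: NS_AUTH, NS_HOSTNAME, NS_CONTROLLER, NS_LO, VERSION_MATRIX,
#               HW_NOS, CONTROLLER_VERSION, MINIO_URL
# Globals set:  STAGE, SUDO, ARISTA_FIRST_INIT, ARISTA_RPM_TAG
# /mnt/flash/netris.state is written only when it is missing or empty.
arista() {
  STAGE=""
  if [ ! -f /mnt/flash/netris.state ]; then
    say_blue "=== Installing Netris-Switch Agent ==="
    STAGE="install"
  else
    say_blue "=== Upgrading Netris-Switch Agent ==="
    STAGE="upgrade"
  fi

  # --- use sudo if we are not already root ---
  SUDO=sudo
  if [ "$(id -u)" -eq 0 ]; then
    SUDO=
  fi

  ARISTA_FIRST_INIT="NO"
  if [ ! -s /mnt/flash/netris.state ]; then
    ARISTA_FIRST_INIT="YES"
    say_gray "+++ Proceeding with the new version of netris config files"
    # NOTE(review): the state file stores the auth key in clear text.
    echo -n | $SUDO tee /mnt/flash/netris.state
    echo "NS_AUTH=$NS_AUTH" | $SUDO tee -a /mnt/flash/netris.state >&6
    echo "NS_HOSTNAME=$NS_HOSTNAME" | $SUDO tee -a /mnt/flash/netris.state >&6
    echo "NS_CONTROLLER=$NS_CONTROLLER" | $SUDO tee -a /mnt/flash/netris.state >&6
    echo "NS_LO=$NS_LO" | $SUDO tee -a /mnt/flash/netris.state >&6
  else
    say_gray "+++ Proceeding with the current version of netris config files"
  fi

  ARISTA_RPM_TAG=$(echo "$VERSION_MATRIX" | awk -F'|' -v os="$HW_NOS" -v ctl="$CONTROLLER_VERSION" '$1 == os && $2 == ctl {print $3; exit}')
  # If no match found, exit with error
  if [ -z "$ARISTA_RPM_TAG" ]; then
    print_unsupported_platform
    exit 1
  fi

  # NOTE(review): the RPM is fetched with certificate verification disabled
  # (-k) and installed as a switch extension without an integrity check.
  # `-f` makes an HTTP error abort the run instead of saving the error body
  # as the RPM.
  $SUDO curl -fsSk "${MINIO_URL}/arista/vxpd-arista-${ARISTA_RPM_TAG}.rpm" -o "/mnt/flash/vxpd-arista-${ARISTA_RPM_TAG}.rpm"
  FastCli -p 15 -c "copy flash:vxpd-arista-${ARISTA_RPM_TAG}.rpm extension:" >&6
  FastCli -p 15 -c "extension vxpd-arista-${ARISTA_RPM_TAG}.rpm"
  FastCli -p 15 -c "copy installed-extensions boot-extensions" >&6

  if [ "$ARISTA_FIRST_INIT" = "NO" ]; then
    say_yellow "- Initialize the Switch Step was skipped"
    say_yellow " If you want to reinitialize the device setup process, please delete the '/mnt/flash/netris.state' file."
  fi

  if [ "$STAGE" = "install" ]; then
    say_blue "=== Netris-Switch Agent is installed! ==="
  elif [ "$STAGE" = "upgrade" ]; then
    say_blue "=== Netris-Switch Agent is updated! ==="
  fi
}

# Install or upgrade the Netris Controller on k3s by writing Helm manifests
# into /var/lib/rancher/k3s/server/manifests.
# Globals read: INSTALL_K3S_BIN_DIR, CONTROLLER_CHART_VERSION,
#               CONTROLLER_DEFAULT_PASSWORD, CTL_INGRESS_HOSTNAME,
#               CTL_SSL_ISSUER, DOWNLOAD_FROM_HOST
# Globals set:  SUDO, BIN_DIR, STAGE, DNS_SEARCH, SECOND_INGRESS_TARGET;
#               exports CTL_EXTERNAL_IP and the contents of netris.env
#
# NOTE(review): the YAML nesting inside the here-documents below was
# reconstructed from a whitespace-collapsed listing; compare it with the
# upstream script before use.
controller() {
  # --- use sudo if we are not already root ---
  SUDO=sudo
  if [ "$(id -u)" -eq 0 ]; then
    SUDO=
  fi

  # --- use binary install directory if defined or create default ---
  if [ -n "${INSTALL_K3S_BIN_DIR}" ]; then
    BIN_DIR=${INSTALL_K3S_BIN_DIR}
  else
    # --- use /usr/local/bin if root can write to it, otherwise use /opt/bin if it exists
    BIN_DIR=/usr/local/bin
    if ! $SUDO sh -c "touch ${BIN_DIR}/k3s-ro-test && rm -rf ${BIN_DIR}/k3s-ro-test"; then
      if [ -d /opt/bin ]; then
        BIN_DIR=/opt/bin
      fi
    fi
  fi

  STAGE=""
  if [ ! -f "${BIN_DIR}/k3s" ]; then
    say_blue "=== Installing Netris-Controller ==="
    STAGE="install"
  else
    say_blue "=== Upgrading Netris-Controller ==="
    STAGE="upgrade"
  fi

  # --- workaround for equinix ubuntu 22.04
  if [ -s /etc/resolv.conf ] && grep -w Jammy /etc/os-release >&6 2>&1 && [ -L "/etc/resolv.conf" ] && curl --connect-timeout 1 https://metadata.platformequinix.com/metadata >&6 2>&1 && grep '^search' /etc/resolv.conf >&6 2>&1; then
    DNS_SEARCH=$(grep '^search' /etc/resolv.conf|awk {'print $2'})
    if [ "$DNS_SEARCH" = "DOMAINS" ]; then
      $SUDO rm /etc/resolv.conf
      cat << EOF | $SUDO tee /etc/resolv.conf >&6
nameserver 147.75.207.207
nameserver 147.75.207.208
search .
EOF
      # NOTE(review): `chattr -i` clears the immutable flag; if the intent is
      # to protect the new file from being rewritten, that would be `+i` -
      # confirm.
      $SUDO chattr -i /etc/resolv.conf
    fi
  fi

  if [ "$STAGE" = "install" ]; then
    say_gray "+++ Installing Lightweight Kubernetes +++"
    # NOTE(review): the k3s install script is piped straight into sh with no
    # integrity check, and the pinned k3s release is an old one - check it
    # against currently supported versions.
    # NOTE(review): --write-kubeconfig-mode 644 makes the cluster-admin
    # kubeconfig readable by every local user on this host.
    curl -sfL https://get.k3s.io | INSTALL_K3S_VERSION=v1.23.14+k3s1 sh -s - --write-kubeconfig-mode 644
    until /usr/local/bin/kubectl wait --timeout=80s --for=condition=Ready pods -l k8s-app -n kube-system 2>&6
    do
      echo "Waiting for the Kubernetes to become ready"
      sleep 3
    done
  fi

  # --- update k3s version if older than $DESIRE_K3S_VERSION
  # if [ "$STAGE" = "upgrade" ] && [ -n "${CONTROLLER_CHART_VERSION##1.0.*}" ]; then
  #   CURRENT_K3S_VERSION=$(${BIN_DIR}/k3s -v | grep 'k3s version' | awk {'print $3'})
  #   SORTED_K3S_VERSION=$(echo -e "$DESIRE_K3S_VERSION\n$CURRENT_K3S_VERSION" | sort -V | head -1)
  #   if [ "$SORTED_K3S_VERSION" != "$DESIRE_K3S_VERSION" ]; then
  #     say_gray "+++ Upgrading the Kubernetes version +++"
  #     say_red "*** DON'T PANIC, DON'T INTERRUPT THE PROCESS ***"
  #     curl -sfL https://get.k3s.io | INSTALL_K3S_VERSION=v1.22.16+k3s1 sh -s - --write-kubeconfig-mode 644
  #     say_gray "+++ Waiting for the Kubernetes to become ready (70 sec) +++"
  #     sleep 70
  #     until /usr/local/bin/kubectl wait --timeout=80s --for=condition=Ready pods -l k8s-app -n kube-system 2>&6
  #     do
  #       echo "Waiting for the Kubernetes to become ready"
  #       sleep 3
  #     done
  #     until /usr/local/bin/kubectl wait --timeout=80s --for=condition=Ready pods -l app.kubernetes.io/name=traefik -n kube-system 2>&6
  #     do
  #       echo "Waiting for the Kubernetes to become ready"
  #       sleep 3
  #     done
  #     until /usr/local/bin/kubectl wait --timeout=300s --for=condition=Ready pods -l app.kubernetes.io/name=netris-controller -n netris-controller 2>&6
  #     do
  #       echo "Waiting for the Kubernetes to become ready"
  #       sleep 3
  #     done
  #     say_blue "+++ The Kubernetes has been updated! +++"
  #   fi
  # fi

  if [ "$STAGE" = "install" ]; then
    say_gray "+++ Creating manifest for Traefik Helm Chart configuration +++"
    cat << EOF | $SUDO tee /var/lib/rancher/k3s/server/manifests/traefik-config.yaml >&6
apiVersion: helm.cattle.io/v1
kind: HelmChartConfig
metadata:
  name: traefik
  namespace: kube-system
spec:
  valuesContent: |-
    service:
      spec:
        externalTrafficPolicy: Local
EOF
    say_gray "+++ Creating manifest for Cert-Manager Helm Chart installation +++"
    cat << EOF | $SUDO tee /var/lib/rancher/k3s/server/manifests/cert-manager.yaml >&6
apiVersion: v1
kind: Namespace
metadata:
  labels:
    app: cert-manager
  name: cert-manager
---
apiVersion: helm.cattle.io/v1
kind: HelmChart
metadata:
  name: cert-manager
  namespace: cert-manager
spec:
  chart: https://charts.jetstack.io/charts/cert-manager-v1.7.3.tgz
  targetNamespace: cert-manager
  valuesContent: |-
    installCRDs: true
---
apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
  name: selfsigned
spec:
  selfSigned: {}
---
apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
  name: letsencrypt
spec:
  acme:
    server: https://acme-v02.api.letsencrypt.org/directory
    email: devops+k3s-letsencrypt@netris.ai
    privateKeySecretRef:
      name: letsencrypt-http01-prod
    solvers:
    - http01:
        ingress:
          class: traefik
EOF
    say_gray "+++ Creating manifest for Netris-Controller Helm Chart installation +++"
  elif [ "$STAGE" = "upgrade" ]; then
    say_gray "+++ Upgrading Netris-Controller Helm Chart manifest +++"
  fi

  # Chart 1.0.* takes a different values layout from later chart versions.
  if [ -z "${CONTROLLER_CHART_VERSION##1.0.*}" ] ;then
    cat << EOF | $SUDO tee /var/lib/rancher/k3s/server/manifests/netris-controller.yaml >&6
apiVersion: v1
kind: Namespace
metadata:
  labels:
    app: netris-controller
  name: netris-controller
---
apiVersion: helm.cattle.io/v1
kind: HelmChart
metadata:
  name: netris-controller
  namespace: netris-controller
spec:
  chart: https://github.com/netrisai/charts/releases/download/netris-controller-${CONTROLLER_CHART_VERSION}/netris-controller-${CONTROLLER_CHART_VERSION}.tgz
  targetNamespace: netris-controller
  valuesContent: |-
    redis:
      master:
        disableCommands: []
    app:
      ingress:
        hosts: []
EOF
  else
    # NOTE(review): this manifest carries the initial web password in clear
    # text and is written with default file permissions.
    cat << EOF | $SUDO tee /var/lib/rancher/k3s/server/manifests/netris-controller.yaml >&6
apiVersion: v1
kind: Namespace
metadata:
  labels:
    app: netris-controller
  name: netris-controller
---
apiVersion: helm.cattle.io/v1
kind: HelmChart
metadata:
  name: netris-controller
  namespace: netris-controller
spec:
  failurePolicy: abort
  chart: https://github.com/netrisai/charts/releases/download/netris-controller-${CONTROLLER_CHART_VERSION}/netris-controller-${CONTROLLER_CHART_VERSION}.tgz
  targetNamespace: netris-controller
  valuesContent: |-
    netris:
      webLogin: netris
      webPassword: ${CONTROLLER_DEFAULT_PASSWORD}
    redis:
      master:
        disableCommands: []
    ingress:
      hosts: []
EOF
  fi

  # Load the settings saved by a previous run, then rewrite the file from the
  # current CTL_* overrides (falling back to the saved values).
  # NOTE(review): `export $(... | xargs)` word-splits the file contents;
  # values containing whitespace or shell metacharacters are not preserved.
  if [ -s /var/lib/rancher/k3s/netris.env ]; then
    export $(cat /var/lib/rancher/k3s/netris.env | xargs)
  fi

  # Cleaning netris.env file
  echo -n | $SUDO tee /var/lib/rancher/k3s/netris.env
  if [ -n "$CTL_INGRESS_HOSTNAME" ]; then
    echo "NETRIS_K3S_INGRESS_HOSTNAME=$CTL_INGRESS_HOSTNAME" | $SUDO tee -a /var/lib/rancher/k3s/netris.env >&6
  elif [ -n "$NETRIS_K3S_INGRESS_HOSTNAME" ]; then
    echo "NETRIS_K3S_INGRESS_HOSTNAME=$NETRIS_K3S_INGRESS_HOSTNAME" | $SUDO tee -a /var/lib/rancher/k3s/netris.env >&6
  fi
  if [ -n "$CTL_SSL_ISSUER" ]; then
    echo "NETRIS_K3S_SSL_ISSUER=$CTL_SSL_ISSUER" | $SUDO tee -a /var/lib/rancher/k3s/netris.env >&6
  elif [ -n "$NETRIS_K3S_SSL_ISSUER" ]; then
    echo "NETRIS_K3S_SSL_ISSUER=$NETRIS_K3S_SSL_ISSUER" | $SUDO tee -a /var/lib/rancher/k3s/netris.env >&6
  else
    echo NETRIS_K3S_SSL_ISSUER=selfsigned | $SUDO tee -a /var/lib/rancher/k3s/netris.env >&6
  fi
  export $(cat /var/lib/rancher/k3s/netris.env | xargs)

  if [ -z "${CONTROLLER_CHART_VERSION##1.0.*}" ] ;then
    SECOND_INGRESS_TARGET="app"
  else
    SECOND_INGRESS_TARGET="web-service-frontend"
  fi

  if [ -n "$NETRIS_K3S_INGRESS_HOSTNAME" ]; then
    # NOTE(review): the hostname and issuer are interpolated into the YAML
    # and the Traefik Host() rule without validation; restrict them to valid
    # DNS names before they reach this point.
    cat << EOF | $SUDO tee /var/lib/rancher/k3s/server/manifests/netris-controller-ingress-host.yaml >&6
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  annotations:
    cert-manager.io/cluster-issuer: $NETRIS_K3S_SSL_ISSUER
    traefik.ingress.kubernetes.io/router.tls: "true"
  name: netris-controller-${SECOND_INGRESS_TARGET}-with-hostname
  namespace: netris-controller
spec:
  rules:
  - host: $NETRIS_K3S_INGRESS_HOSTNAME
    http:
      paths:
      - backend:
          service:
            name: netris-controller-${SECOND_INGRESS_TARGET}
            port:
              number: 80
        path: /
        pathType: Prefix
  tls:
  - hosts:
    - $NETRIS_K3S_INGRESS_HOSTNAME
    secretName: $(echo $NETRIS_K3S_INGRESS_HOSTNAME | tr '.' '-')-tls
---
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
  name: http-redirect-ingressroute
  namespace: netris-controller
spec:
  entryPoints:
    - web
  routes:
    - match: Host(\`${NETRIS_K3S_INGRESS_HOSTNAME}\`)
      kind: Rule
      services:
        - name: netris-controller-${SECOND_INGRESS_TARGET}
          port: 80
      middlewares:
        - name: https-redirect
---
apiVersion: traefik.containo.us/v1alpha1
kind: Middleware
metadata:
  name: https-redirect
  namespace: netris-controller
spec:
  redirectScheme:
    scheme: https
    permanent: true
EOF
  fi

  # Create manifest for netris-squid
  # NOTE(review): this manifest is applied by k3s automatically, yet it is
  # downloaded with certificate verification disabled (-k). `-f` keeps an
  # HTTP error page out of the manifests directory.
  $SUDO curl -fsSk "${DOWNLOAD_FROM_HOST}/netris-controller-squid.yaml" -o /var/lib/rancher/k3s/server/manifests/netris-controller-squid.yaml

  until /usr/local/bin/kubectl wait --timeout=300s --for=condition=Ready pods -l app.kubernetes.io/name=netris-controller -n netris-controller 2>&6
  do
    echo "Waiting for the Netris-Controller pods to become ready, may take 5-10 minutes depending upon your connection and compute speeds"
    sleep 3
  done

  export CTL_EXTERNAL_IP=$(/usr/local/bin/kubectl -n netris-controller get svc -l app.kubernetes.io/name=haproxy -o=jsonpath='{.items[0].status.loadBalancer.ingress[0].ip}')
  if [ -n "$NETRIS_K3S_INGRESS_HOSTNAME" ]; then
    export CTL_EXTERNAL_IP=${NETRIS_K3S_INGRESS_HOSTNAME}
  fi

  say_blue
  if [ "$STAGE" = "install" ]; then
    say_blue "=== Netris-Controller now is installed! ==="
    # NOTE(review): the GUI link is plain http and the message names a fixed
    # default password, while the manifest above uses
    # CONTROLLER_DEFAULT_PASSWORD - the two can disagree. Change the password
    # at first login.
    say_blue "Go to the Netris Controller GUI using a browser - http://${CTL_EXTERNAL_IP}"
    say_yellow "Use netris/newNet0ps credentials."
  elif [ "$STAGE" = "upgrade" ]; then
    say_blue "=== Netris-Controller update job has been scheduled! ==="
  fi
  say_blue
}

# Install or upgrade the Netris SoftGate agent.
# Globals set: STAGE
softgate() {
  STAGE=""
  if ! command -v /opt/netris/bin/offloaderpd >&6; then
    say_blue "=== Installing Netris-SG Agent ==="
    STAGE="install"
  else
    say_blue "=== Upgrading Netris-SG Agent ==="
    STAGE="upgrade"
  fi

  say_white "+ Configuring the Netris repository..."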
# identify Softgate Agent NETRIS_SG_AGENT="netris-sg" if [ "$NS_NODE_TYPE" = "softgate_hs" ]; then NETRIS_SG_AGENT="netris-sg-hs" fi if [ "$NS_NODE_TYPE" = "softgate_pro" ]; then NETRIS_SG_AGENT="netris-sg-pro" fi # shellcheck disable=SC2046 # https://github.com/koalaman/shellcheck/wiki/SC2046 # Disable to allow the `--silent` option to be omitted. if wget -qO - ${NETRIS_REPO_URL}/public.key | sudo apt-key add - >&6 2>&1; then echo "deb ${NETRIS_REPO_URL}/ ${DIST_CODE} ${DOWNLOAD_FROM_REPO}" | sudo tee /etc/apt/sources.list.d/netris.list >&6 DPDK="" EQUINIX_METAL="" AWS_EC2="" if curl --connect-timeout 1 https://metadata.platformequinix.com/metadata >&6 2>&1; then EQUINIX_METAL="yes" fi # checks if the instance is running on AWS EC2 by making a connection to the metadata service endpoint using the curl if curl --connect-timeout 1 http://169.254.169.254/latest/meta-data >&6 2>&1; then AWS_EC2="yes" fi case $(lspci) in *"Mellanox Technologies MT28851"*) DPDK="yes";; *"Mellanox Technologies MT28850"*) DPDK="yes";; *"Mellanox Technologies MT28841"*) DPDK="yes";; *"Mellanox Technologies MT28800"*) DPDK="yes";; *"Mellanox Technologies MT27800"*) DPDK="yes";; *"ConnectX-6"*) DPDK="yes";; *"ConnectX-5"*) DPDK="yes";; *) DPDK="no" ;; esac if [ "$EQUINIX_METAL" = "yes" ]; then DPDK="no" SKIP_IFUPDOWN_MIGRATION="true" if [ -n "$CONTROLLER_VERSION" ]; then if [ -n "${CONTROLLER_VERSION##3.0.*}" ] && [ -n "${CONTROLLER_VERSION##3.1.*}" ] && [ -n "${CONTROLLER_VERSION##3.2.*}" ]; then sudo sed -i '/ pre-up sleep 4/c\# pre-up sleep 4' /etc/network/interfaces 2>&6 || echo > /dev/null fi fi fi # If the script has been run to install softgate on AWS EC2 if [ "$AWS_EC2" = "yes" ]; then ## Disable DPDK DPDK="no" fi if [ "$DPDK_FORCE_NO" = "true" ]; then ## Disable DPDK DPDK="no" fi if [ "$NS_NODE_TYPE" = "softgate_hs" ]; then DPDK="no" fi if [ "$DIST_CODE" = "jammy" ]; then DPDK="no" fi if [ "$DPDK" = "yes" ]; then say_green "+ Supported smart nic has been detected" if [ "$DIST_CODE" 
!= "jammy" ] || [ "$DIST_CODE" != "noble" ]; then say_white "+ Configuring the smart nic drivers repository..." wget -qO - https://www.mellanox.com/downloads/ofed/RPM-GPG-KEY-Mellanox | sudo apt-key add - >&6 2>&1 sudo wget http://linux.mellanox.com/public/repo/mlnx_ofed/5.4-1.0.3.0/${DIST_VERSION}/mellanox_mlnx_ofed.list -O /etc/apt/sources.list.d/mellanox_mlnx_ofed.list >&6 2>&1 fi else say_yellow "- Supported smart nic not detected, hardware offload will not be available" fi say_white "+ Updating list of available packages" if [ "$NETRIS_REPO_URL" = "http://repo.netris.ai/repo" ]; then sudo apt-get update >&6 2>&1 else sudo apt-get update -o Dir::Etc::sourcelist="sources.list.d/netris.list" -o Dir::Etc::sourceparts="-" -o APT::Get::List-Cleanup="0" >&6 2>&1 fi if [ "$DPDK" = "yes" ] && [ "$DIST_CODE" != "jammy" ] || [ "$DPDK" = "yes" ] && [ "$DIST_CODE" != "noble" ]; then say_white "+ Installing smart nic driver, it may take a while" sudo apt-get install mlnx-ofed-dpdk -y >&6 2>&1 fi if [ "$STAGE" = "install" ] && [ "$SKIP_IFUPDOWN_MIGRATION" != "true" ]; then say_white "+ Generating ifupdown config based on netplan" curl -sS ${DOWNLOAD_FROM_HOST}/migrate2ifupdown -o /tmp/migrate2ifupdown if chmod +x /tmp/migrate2ifupdown && sudo /tmp/migrate2ifupdown -n /etc/netplan/$(sudo ls -t /etc/netplan|grep -E '.yml$|.yaml$'|head -n1) -i /tmp/ifupdown-generated-config; then say_white "+ Ifupdown config generated" else >&2 say_red "error: Failed to generate ifupdown config based on netplan. Please make sure that netplan" >&2 say_red " config yaml is present in /etc/netplan/ directory; or use --skip-ifupdown-migration" >&2 say_red " argument to skip this step." >&2 say_red "" >&2 say_gray " Argument usage example: 'curl -fsSL ${DOWNLOAD_FROM_HOST} | sh -s -- ... --skip-ifupdown-migration'" >&2 say_red "" >&2 say_red " Note: if ifupdown migration step was skipped, you would have to configure ifupdown manually" >&2 say_red " in /etc/network/interfaces file." 
exit 1 fi fi say_white "+ Installing Netris agent package and dependencies, it may take a few minutes" DEBIAN_FRONTEND=noninteractive sudo apt purge unattended-upgrades -y >&6 2>&1 || echo > /dev/null DEBIAN_FRONTEND=noninteractive sudo apt purge needrestart -y >&6 2>&1 || echo > /dev/null if [ ! -f /opt/netris/installer.lock ]; then say_gray " * Proceeding with the new version of netris config files" if [ -n "$CONTROLLER_VERSION" ]; then DEBIAN_FRONTEND=noninteractive sudo apt-get -o Dpkg::Options::="--force-confnew" install ifupdown2=1.2.9 ${NETRIS_SG_AGENT}=${CONTROLLER_VERSION}* -y --allow-downgrades >&6 2>&1 else DEBIAN_FRONTEND=noninteractive sudo apt-get -o Dpkg::Options::="--force-confnew" install ifupdown2=1.2.9 ${NETRIS_SG_AGENT} -y >&6 2>&1 fi elif [ -f /opt/netris/installer.lock ]; then say_gray " * Proceeding with the current version of netris config files" if [ -n "$CONTROLLER_VERSION" ]; then DEBIAN_FRONTEND=noninteractive sudo apt-get -o Dpkg::Options::="--force-confold" install ifupdown2=1.2.9 ${NETRIS_SG_AGENT}=${CONTROLLER_VERSION}* -y --allow-downgrades >&6 2>&1 else DEBIAN_FRONTEND=noninteractive sudo apt-get -o Dpkg::Options::="--force-confold" install ifupdown2=1.2.9 ${NETRIS_SG_AGENT} -y >&6 2>&1 fi fi # If EQUINIX_METAL ## Retrieve bond0 mac address from metadata and save in BOND0MACADDRESS var ### Check if $BOND0MACADDRESS is not empty and /etc/network/interfaces contains: '# pre-up sleep 4' #### Check if /etc/network/interfaces does not contain: ' hwaddress' ##### Find line - 'iface bond0 inet static' in /etc/network/interfaces and 'hwaddress ${BOND0MACADDRESS}' in the line below if [ "$EQUINIX_METAL" = "yes" ]; then BOND0MACADDRESS=$(curl -sSk https://metadata.platformequinix.com/metadata | jq -r '.network.bonding.mac') if [ -n "$BOND0MACADDRESS" ] && sudo grep '^# pre-up sleep 4' /etc/network/interfaces >&6 2>&1; then if ! 
sudo grep '^ hwaddress' /etc/network/interfaces >&6 2>&1; then sudo sed -i "/iface bond0 inet static/a \ \ \ \ hwaddress ${BOND0MACADDRESS}" /etc/network/interfaces fi fi fi if [ "$STAGE" = "install" ] && [ "$SKIP_IFUPDOWN_MIGRATION" != "true" ]; then say_white "+ Activating ifupdown network management" sudo mv /tmp/ifupdown-generated-config /etc/network/interfaces sudo ifreload -a >&6 2>&1 sudo ifreload -a >&6 ## If at second ifreload stderr is not empty, the user should see it say_white "+ Fixing resolv.conf" echo "nameserver 1.1.1.1" | sudo tee /etc/resolv.conf >&6 echo 'network: {config: disabled}' | sudo tee /etc/cloud/cloud.cfg.d/99-disable-network-config.cfg >&6 2>&1 || echo > /dev/null fi if [ "$DPDK" = "yes" ]; then say_white "+ Installing Netris DPDK package, it may take a few minutes" DEBIAN_FRONTEND=noninteractive sudo apt-get -o Dpkg::Options::="--force-confold" install netris-dpdk-mlnx -y >&6 2>&1 say_white "+ Disabling Netris SWLB service" sudo systemctl stop netris-swlb.service 2>&6 || echo > /dev/null sudo systemctl disable netris-swlb.service 2>&6 || echo > /dev/null # Make keepalived to wait for dpdk start ## Check if /etc/systemd/system/keepalived.service file exists, and it contains "#ExecStartPre=/bin/sleep 30" ### Uncomment the line, then execute systemctl daemon-reload if [ -f /etc/systemd/system/keepalived.service ] && grep '^#ExecStartPre=/bin/sleep 30' /etc/systemd/system/keepalived.service >&6 2>&1; then sudo sed -i '/#ExecStartPre=\/bin\/sleep 30/c\ExecStartPre=\/bin\/sleep 30' /etc/systemd/system/keepalived.service 2>&6 sudo systemctl daemon-reload 2>&6 fi fi if [ ! 
-f /opt/netris/installer.lock ]; then say_white "+ Initialize the Softgate" if [ "$DPDK" != "yes" ]; then DPDK_PORT=1 fi sudo /opt/netris/bin/netris-setup --dpdk=$DPDK --lo=$NS_LO --controller=$NS_CONTROLLER --hostname=$NS_HOSTNAME --auth=$NS_AUTH --port=$DPDK_PORT --fwd-core=$DPDK_FWD_CORE elif [ -f /opt/netris/installer.lock ]; then say_yellow "- Initialize the Softgate Step was skipped" say_yellow " If you want to reinitialize the device setup process, please delete the '/opt/netris/installer.lock' file." fi # If the script has been run to install softgate on AWS EC2 if [ "$AWS_EC2" = "yes" ]; then ## Check if /opt/netris/etc/netris.conf file exists ### If snat_to_lo_ntp == 'yes' replace to 'no' ### If snat_to_lo_dns == 'yes' replace to 'no' ### If snat_to_lo_web == 'yes' replace to 'no' ### If snat_to_lo_vpn == 'yes' replace to 'no' if sudo test -f /opt/netris/etc/netris.conf; then if sudo grep '^snat_to_lo_ntp = yes' /opt/netris/etc/netris.conf >&6 2>&1; then sudo sed -i '/snat_to_lo_ntp = yes/c\snat_to_lo_ntp = no' /opt/netris/etc/netris.conf fi if sudo grep '^snat_to_lo_dns = yes' /opt/netris/etc/netris.conf >&6 2>&1; then sudo sed -i '/snat_to_lo_dns = yes/c\snat_to_lo_dns = no' /opt/netris/etc/netris.conf fi if sudo grep '^snat_to_lo_web = yes' /opt/netris/etc/netris.conf >&6 2>&1; then sudo sed -i '/snat_to_lo_web = yes/c\snat_to_lo_web = no' /opt/netris/etc/netris.conf fi if sudo grep '^snat_to_lo_vpn = yes' /opt/netris/etc/netris.conf >&6 2>&1; then sudo sed -i '/snat_to_lo_vpn = yes/c\snat_to_lo_vpn = no' /opt/netris/etc/netris.conf fi fi fi # Enable BFD start in frr ## Check if /etc/frr/daemons file exists, and it contains "bfdd=no" ### Replace bfdd=no to bfdd=yes if sudo test -f /etc/frr/daemons && sudo grep '^bfdd=no' /etc/frr/daemons >&6 2>&1; then sudo sed -i '/bfdd=no/c\bfdd=yes' /etc/frr/daemons fi # Enable preserve_hostname in cloudinit ## Check if /etc/cloud/cloud.cfg file exists, and it contains "preserve_hostname: false" ### Replace 
preserve_hostname: false to preserve_hostname: true if sudo test -f /etc/cloud/cloud.cfg && sudo grep '^preserve_hostname: false' /etc/cloud/cloud.cfg >&6 2>&1; then sudo sed -i '/preserve_hostname: false/c\preserve_hostname: true' /etc/cloud/cloud.cfg fi ## The same for the /etc/cloud/cloud.cfg.d/91-cloud-config.cfg file if sudo test -f /etc/cloud/cloud.cfg.d/91-cloud-config.cfg && sudo grep '^preserve_hostname: false' /etc/cloud/cloud.cfg.d/91-cloud-config.cfg >&6 2>&1; then sudo sed -i '/preserve_hostname: false/c\preserve_hostname: true' /etc/cloud/cloud.cfg.d/91-cloud-config.cfg fi else >&2 say_red "error: failed to config the Netris repository" exit 1 fi say_blue if [ "$STAGE" = "install" ]; then say_blue "=== Netris Softgate is now installed! ===" elif [ "$STAGE" = "upgrade" ]; then if [ -n "$CONTROLLER_VERSION" ]; then if [ -n "${CONTROLLER_VERSION##3.0.*}" ] && [ -n "${CONTROLLER_VERSION##3.1.*}" ] && [ -n "${CONTROLLER_VERSION##3.2.*}" ]; then sudo curl -sSk ${DOWNLOAD_FROM_HOST}/kea-dhcp4.conf -o /etc/kea/kea-dhcp4.conf && sudo chown _kea:root /etc/kea/kea-dhcp4.conf fi fi say_blue "=== Netris Softgate is updated! ===" fi } at_exit() { # shellcheck disable=SC2181 # https://github.com/koalaman/shellcheck/wiki/SC2181 # Disable because we don't actually know the command we're running if [ "$?" -ne 0 ]; then >&2 say_red >&2 say_red "We're sorry, but it looks like something might have gone wrong during installation." 
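>&2 say_red "If you need help, please join us on https://www.netris.io/slack/"
  fi
}

# Print the help hint above whenever the script ends with a non-zero status.
trap at_exit EXIT

# fd 6 is where the script sends command output it wants hidden; it points at
# /dev/null unless --debug re-opens it onto stdout further down.
exec 6>/dev/null

# ---------------------------------------------------------------------------
# Defaults (overridden by the command-line options parsed below)
# ---------------------------------------------------------------------------
DOWNLOAD_FROM_HOST="https://get.netris.ai"
MINIO_URL="https://minio-api.netris.dev"
NETRIS_REPO_URL=""
DOWNLOAD_FROM_REPO="main"
SILENT=""
SKIP_IFUPDOWN_MIGRATION=""
NS_LO=""
NS_CONTROLLER=""
NS_HOSTNAME=""
NS_AUTH=""
NS_NODE_PRIO=""
NS_NODE_TYPE=""
# Published default controller password, used unless --ctl-password or
# --ctl-b64password is given. NOTE(review): it is the same on every default
# install, so it should be changed right after the first login.
CONTROLLER_DEFAULT_PASSWORD="newNet0ps"
CONTROLLER_DEFAULT_B64_PASSWORD=""
CONTROLLER_VERSION=""
CONTROLLER_CHART_VERSION="2.6.6"
CONTROLLER_CHART_RC_VERSION="2.2.0-alpha.1"
CONTROLLER_CHART_ALPHA_VERSION="2.3.0-alpha.19"
DELL_SONIC_IMAGE_REPOSITORY="netrisai/dell-bare-metal-sw-vxpd"
ES_SONIC_IMAGE_REPOSITORY="netrisai/bare-metal-vxpd-ecsonic"
SONIC_IMAGE_REPOSITORY="netrisai/bare-metal-sw-vxpd"
SONIC_IMAGE_TAG="3.3.0.002"
DEBUG=""
DPDK_PORT=1
DPDK_FWD_CORE=6
CTL_INGRESS_HOSTNAME=""
CTL_SSL_ISSUER=""
HW_NOS=""
DPDK_FORCE_NO=""
# DESIRE_K3S_VERSION="v1.22.12+k3s1"

# Version matrix format: OS_TYPE|CTL_VERSION|AGENT_VERSION
# Define version matrix
VERSION_MATRIX="
dell_sonic|4.2.0|4.2.0.029
dell_sonic|4.3.0|4.3.0.001
dell_sonic|4.3.1|4.3.0.001
dell_sonic|4.4.0|4.4.0.038
dell_sonic|4.5.0|4.4.0.038
dell_sonic|4.5.1|4.4.0.038
dell_sonic|4.5.2|4.4.0.038
dell_sonic|4.5.3|4.5.3.001
dell_sonic|4.5.4|4.5.4.006
ec_sonic|4.4.0|4.4.0.042
ec_sonic|4.4.1|4.4.0.042
ec_sonic|4.5.0|4.5.0.010
ec_sonic|4.5.1|4.5.0.021
ec_sonic|4.5.2|4.5.0.021
ec_sonic|4.5.3|4.5.0.022
arista_eos|4.4.0|4.5.0.004
arista_eos|4.5.0|4.5.0.035
arista_eos|4.5.1|4.5.0.035
arista_eos|4.5.2|4.5.0.039
arista_eos|4.5.3|4.5.3.018
arista_eos|4.5.4|4.5.4.010
"

# ---------------------------------------------------------------------------
# Command-line parsing
# ---------------------------------------------------------------------------
# The loop shifts one word per iteration, so an option's value is looked at
# again as $1 on the next pass and ignored because it matches no pattern. A
# value that is itself spelled like an option would be taken as that option.
# NOTE(review): --auth, --ctl-password and --ctl-b64password put secrets on the
# command line, where they are visible in the process list and shell history;
# base64 is an encoding only and does not protect the value.
while [ $# -gt 0 ]; do
  case "$1" in
    --lo) NS_LO=$2 ;;
    --controller) NS_CONTROLLER=$2 ;;
    --hostname) NS_HOSTNAME=$2 ;;
    --auth) NS_AUTH=$2 ;;
    --node-prio) NS_NODE_PRIO=1 ;;
    --node-type) NS_NODE_TYPE=$2 ;;
    --sonic-tag) SONIC_IMAGE_TAG=$2 ;;
    --silent) SILENT="--silent" ;;
    --skip-ifupdown-migration) SKIP_IFUPDOWN_MIGRATION="true" ;;
    --debug) DEBUG="true" ;;
    --dpdk-force-no) DPDK_FORCE_NO="true" ;;
    --port) DPDK_PORT=$2 ;;
    --fwd-core) DPDK_FWD_CORE=$2 ;;
    --ctl-hostname) CTL_INGRESS_HOSTNAME=$2 ;;
    --ctl-ssl-issuer) CTL_SSL_ISSUER=$2 ;;
    --ctl-rc) CONTROLLER_CHART_VERSION=$CONTROLLER_CHART_RC_VERSION ;;
    --ctl-alpha) CONTROLLER_CHART_VERSION=$CONTROLLER_CHART_ALPHA_VERSION ;;
    --ctl-version) CONTROLLER_VERSION=$2 ;;
    --ctl-password) CONTROLLER_DEFAULT_PASSWORD=$2 ;;
    --ctl-b64password) CONTROLLER_DEFAULT_B64_PASSWORD=$2 ;;
    --apt-repo) DOWNLOAD_FROM_REPO=$2 ;;
    --hw-nos) HW_NOS=$2 ;;
    --local-repo-url) NETRIS_REPO_URL=$2 ;;
  esac
  shift
done

if [ "$DEBUG" = "true" ]; then
  # From here on everything redirected to fd 6 is shown on stdout.
  exec 6>&1
  say_red "DEBUG Mode On"
fi

# Remove trailing / if it exists
NETRIS_REPO_URL="${NETRIS_REPO_URL%/}"

if [ -z "$NETRIS_REPO_URL" ]; then
  # NOTE(review): the default package repository is plain http; the signing
  # key is later fetched from the same URL, so neither is authenticated in
  # transit.
  NETRIS_REPO_URL="http://repo.netris.ai/repo"
else
  # A local repository also serves the helper files the installer downloads.
  DOWNLOAD_FROM_HOST=${NETRIS_REPO_URL}
fi

# ---------------------------------------------------------------------------
# Option validation
# ---------------------------------------------------------------------------
case "$DPDK_PORT" in
  1 | 2) ;;
  *)
    >&2 say_red "error: invalid --port value, Possible values: 1 or 2"
    exit 1
    ;;
esac

case "$DPDK_FWD_CORE" in
  4 | 6 | 8 | 10) ;;
  *)
    >&2 say_red "error: invalid --fwd-core value, Possible values: 4,6,8 or 10"
    exit 1
    ;;
esac

case "$DOWNLOAD_FROM_REPO" in
  "main" | "dev") ;;
  *)
    >&2 say_red "error: invalid --apt-repo value, Possible values: main or dev"
    exit 1
    ;;
esac

if [ -n "$CONTROLLER_VERSION" ]; then
  # Keep only MAJOR.MINOR.PATCH: drop anything after the first '-' and any
  # further dot-separated fields. The result must then be one of the versions
  # listed below, which also bounds what later reaches apt as a version string.
  CONTROLLER_VERSION=$(printf '%s\n' "$CONTROLLER_VERSION" | awk -F- '{print $1}' | awk -F. '{print $1"."$2"."$3}')
  case "$CONTROLLER_VERSION" in
    "3.0.5") CONTROLLER_CHART_VERSION="1.0.9" ;;
    "3.0.6") CONTROLLER_CHART_VERSION="1.0.11" ;;
    "3.0.7") CONTROLLER_CHART_VERSION="1.0.12" ;;
    "3.0.8") CONTROLLER_CHART_VERSION="1.0.13" ;;
    "3.0.9") CONTROLLER_CHART_VERSION="1.0.16" ;;
    "3.0.10") CONTROLLER_CHART_VERSION="1.0.20" ;;
    "3.1.0") CONTROLLER_CHART_VERSION="1.1.0" ;;
    "3.2.0") CONTROLLER_CHART_VERSION="1.2.0" ;;
    "3.2.1") CONTROLLER_CHART_VERSION="1.2.2" ;;
    "3.3.0") CONTROLLER_CHART_VERSION="1.3.1" ;;
    "3.4.0") CONTROLLER_CHART_VERSION="1.4.0" ;;
    "3.4.1") CONTROLLER_CHART_VERSION="1.4.1" ;;
    "3.4.2") CONTROLLER_CHART_VERSION="1.4.3" ;;
    "3.4.3") CONTROLLER_CHART_VERSION="1.4.4" ;;
    "3.4.4") CONTROLLER_CHART_VERSION="1.4.5" ;;
    "3.5.0") CONTROLLER_CHART_VERSION="1.5.2" ;;
    "4.0.0") CONTROLLER_CHART_VERSION="2.0.0-rc.5" ;;
    "4.1.0") CONTROLLER_CHART_VERSION="2.1.0-alpha.1" ;;
    "4.1.1") CONTROLLER_CHART_VERSION="2.1.9" ;;
    "4.2.0") CONTROLLER_CHART_VERSION="2.2.0-alpha.1" ;;
    "4.3.0") CONTROLLER_CHART_VERSION="2.3.0-alpha.19" ;;
    "4.3.1") CONTROLLER_CHART_VERSION="2.3.1-alpha.9" ;;
    "4.4.0") CONTROLLER_CHART_VERSION="2.4.1" ;;
    "4.5.0") CONTROLLER_CHART_VERSION="2.5.0-alpha.1" ;;
    "4.5.1") CONTROLLER_CHART_VERSION="2.5.5" ;;
    "4.5.2") CONTROLLER_CHART_VERSION="2.5.7" ;;
    "4.5.3") CONTROLLER_CHART_VERSION="2.6.6" ;;
    "4.5.4") CONTROLLER_CHART_VERSION="2.7.2" ;;
    *)
      >&2 say_red "error: invalid --ctl-version value"
      exit 1
      ;;
  esac
fi

if [ -n "$CONTROLLER_DEFAULT_B64_PASSWORD" ]; then
  # Stop when the password cannot be decoded. Carrying on would silently keep
  # the published default password although the operator asked for another.
  if ! command -v base64 >&6; then
    >&2 say_red "error: --ctl-b64password requires the base64 utility"
    exit 1
  fi
  # printf instead of `echo -n`, whose handling of -n differs between sh
  # implementations; the value is quoted so it is passed through unchanged.
  CONTROLLER_DEFAULT_PASSWORD=$(printf '%s' "$CONTROLLER_DEFAULT_B64_PASSWORD" | base64 -d)
fi

# ---------------------------------------------------------------------------
# Platform detection
# ---------------------------------------------------------------------------
OS=""
case $(uname) in
  "Linux") OS="linux" ;;
  *)
    print_unsupported_platform
    exit 1
    ;;
esac

ARCH=""
case $(uname -m) in
  "x86_64") ARCH="x64" ;;
  # "arm64") ARCH="arm64";;
  # "aarch64") ARCH="arm64";;
  *)
    print_unsupported_platform
    exit 1
    ;;
esac

# No agent-related option at all: install the controller and stop.
if [ -z "$NS_LO" ] && [ -z "$NS_CONTROLLER" ] && [ -z "$NS_HOSTNAME" ] && [ -z "$NS_AUTH" ] \
  && [ -z "$NS_NODE_PRIO" ] && [ -z "$NS_NODE_TYPE" ] && [ -z "$SKIP_IFUPDOWN_MIGRATION" ]; then
  controller
  say_green "+ Get started with Netris: https://netris.io/docs/en/stable/"
  exit 0
fi

DIST_VERSION=""
DIST_CODE=""
# Patterns are tried in order, so the specific Cumulus 5.x entries must stay
# ahead of the generic "Cumulus Linux 5." one.
case $(grep -w VERSION /etc/os-release) in
  *"Bionic"*)
    DIST_VERSION="ubuntu18.04"
    DIST_CODE="bionic"
    ;;
  *"Focal"*)
    DIST_VERSION="ubuntu20.04"
    DIST_CODE="focal"
    ;;
  *"Jammy"*)
    DIST_VERSION="ubuntu22.04"
    DIST_CODE="jammy"
    ;;
  *"Noble"*)
    DIST_VERSION="ubuntu24.04"
    DIST_CODE="noble"
    ;;
  *"Cumulus Linux 3.7"*)
    DIST_VERSION="cumulus3.7"
    DIST_CODE="jessie"
    ;;
  *"Cumulus Linux 4."*)
    DIST_VERSION="cumulus5"
    DIST_CODE="buster"
    ;;
  *"Cumulus Linux 5.9"*)
    DIST_VERSION="cumulus5"
    DIST_CODE="bookworm"
    ;;
  *"Cumulus Linux 5.10"*)
    DIST_VERSION="cumulus5"
    DIST_CODE="bookworm"
    ;;
  *"Cumulus Linux 5.11"*)
    DIST_VERSION="cumulus5"
    DIST_CODE="bookworm"
    ;;
  *"Cumulus Linux 5.12"*)
    DIST_VERSION="cumulus5"
    DIST_CODE="bookworm"
    ;;
  *"Cumulus Linux 5.13"*)
    DIST_VERSION="cumulus5"
    DIST_CODE="bookworm"
    ;;
  *"Cumulus Linux 5."*)
    DIST_VERSION="cumulus5"
    DIST_CODE="buster"
    ;;
  *"buster"*)
    DIST_VERSION="debian10"
    DIST_CODE="buster"
    ;;
  *"bullseye"*)
    DIST_VERSION="debian11"
    DIST_CODE="bullseye"
    ;;
  *"Shamrock"*)
    DIST_VERSION="almalinux9"
    DIST_CODE="almalinux9"
    ;;
  *"Teal"*)
    DIST_VERSION="almalinux9"
    DIST_CODE="almalinux9"
    ;;
  *"Seafoam"*)
    DIST_VERSION="almalinux9"
    DIST_CODE="almalinux9"
    ;;
  *"Sage"*)
    DIST_VERSION="almalinux9"
    DIST_CODE="almalinux9"
    ;;
  *)
    print_unsupported_platform
    exit 1
    ;;
esac
printf '%s\n' "$DIST_VERSION" >&6

# The network OS is recognised by the presence of its CLI tool.
CUMULUS=""
if command -v cl-support >&6; then
  CUMULUS="true"
fi

SONIC=""
if command -v sonic-cli >&6; then
  SONIC="true"
fi

ARISTA=""
if command -v FastCli >&6; then
  ARISTA="true"
fi

# A distribution that looks like a switch OS must also carry that OS's CLI.
if [ "$CUMULUS" != "true" ] && { [ "$DIST_VERSION" = "cumulus3.7" ] || [ "$DIST_VERSION" = "cumulus5" ]; }; then
  print_unsupported_platform
  exit 1
fi

if [ "$SONIC" != "true" ] && { [ "$DIST_VERSION" = "debian10" ] || [ "$DIST_VERSION" = "debian11" ]; }; then
  print_unsupported_platform
  exit 1
fi

if [ "$DIST_VERSION" = "almalinux9" ] && [ "$ARISTA" != "true" ]; then
  print_unsupported_platform
  exit 1
fi

# ---------------------------------------------------------------------------
# Dispatch: every agent install needs --lo, --controller, --hostname and
# --auth; the node type and the detected platform select the installer.
# ---------------------------------------------------------------------------
if [ -n "$NS_LO" ] && [ -n "$NS_CONTROLLER" ] && [ -n "$NS_HOSTNAME" ] && [ -n "$NS_AUTH" ] \
  && { [ -n "$NS_NODE_PRIO" ] || case "$NS_NODE_TYPE" in softgate*) true ;; *) false ;; esac; } \
  && [ -z "$CUMULUS" ] && [ -z "$SONIC" ]; then
  softgate
elif [ -n "$NS_LO" ] && [ -n "$NS_CONTROLLER" ] && [ -n "$NS_HOSTNAME" ] && [ -n "$NS_AUTH" ] \
  && [ "$NS_NODE_TYPE" = "acs_hyper" ] && [ -z "$CUMULUS" ] && [ -z "$SONIC" ]; then
  host_vtep
elif [ -n "$NS_LO" ] && [ -n "$NS_CONTROLLER" ] && [ -n "$NS_HOSTNAME" ] && [ -n "$NS_AUTH" ] \
  && [ "$NS_NODE_TYPE" = "evpn_vtep" ] && [ -z "$CUMULUS" ] && [ -z "$SONIC" ]; then
  host_vtep
elif [ -n "$NS_LO" ] && [ -n "$NS_CONTROLLER" ] && [ -n "$NS_HOSTNAME" ] && [ -n "$NS_AUTH" ] \
  && [ -n "$SONIC" ] && [ -z "$NS_NODE_PRIO" ] && [ -z "$CUMULUS" ]; then
  sonic
elif [ -n "$NS_LO" ] && [ -n "$NS_CONTROLLER" ] && [ -n "$NS_HOSTNAME" ] && [ -n "$NS_AUTH" ] \
  && [ -n "$ARISTA" ] && [ "$NS_NODE_TYPE" = "switch" ] && [ "$HW_NOS" = "arista_eos" ]; then
  arista
elif [ -n "$NS_LO" ] && [ -n "$NS_CONTROLLER" ] && [ -n "$NS_HOSTNAME" ] && [ -n "$NS_AUTH" ] \
  && [ -z "$NS_NODE_PRIO" ] && [ -z "$ARISTA" ]; then
  switch
else
  >&2 say_red "error: Invalid arguments"
  exit 1
fi

if [ -n "$EXTRA_INSTALL_STEP" ]; then
  say_white "${EXTRA_INSTALL_STEP}"
fi

say_green "+ Get started with Netris: https://netris.io/docs/en/stable/"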