-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathinstall.sh
More file actions
executable file
·339 lines (285 loc) · 11.8 KB
/
install.sh
File metadata and controls
executable file
·339 lines (285 loc) · 11.8 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
#!/usr/bin/env bash
#
# Installer for Fivetran Proxy Agent on Linux using Docker
#
# For more information:
# https://github.com/fivetran/proxy_agent
#
set -euo pipefail
# ── Helpers ──────────────────────────────────────────────────────────────────
die() { echo "ERROR: $*" >&2; exit 1; }
extract_json_string() {
grep -m1 -o "\"$1\"[[:space:]]*:[[:space:]]*\"[^\"]*\"" "$2" \
| sed "s/.*\"$1\"[[:space:]]*:[[:space:]]*\"\([^\"]*\)\".*/\1/" || true
}
DEFAULT_FIVETRAN_API_URL="https://api.fivetran.com"
usage() {
cat <<'EOF'
Usage:
RUNTIME=docker ./install.sh <config.json> [--install-dir <dir>]
TOKEN="<token>" RUNTIME=docker ./install.sh [--install-dir <dir>]
Options:
--install-dir <dir> Installation directory (default: ~/fivetran-proxy-agent)
EOF
exit 1
}
# ── Early checks ─────────────────────────────────────────────────────────────
if [ "$(id -u)" -eq 0 ]; then
die "This script should not be run as root. Please run as a regular user."
fi
if [ "${RUNTIME:-}" != "docker" ]; then
die "RUNTIME must be set to 'docker' (got: '${RUNTIME:-}')."
fi
# ── Constants ────────────────────────────────────────────────────────────────
DEFAULT_INSTALL_DIR="$HOME/fivetran-proxy-agent"
MIN_DOCKER_VERSION="20.10.17"
MIN_RECOMMENDED_CPU_COUNT=4
MIN_RECOMMENDED_RAM_KB=5242880
MIN_RECOMMENDED_DISK_SPACE_MB=2048
AGENT_SCRIPT="proxy-agent-manager.sh"
AGENT_SCRIPT_URL="https://raw.githubusercontent.com/fivetran/proxy_agent/main/proxy-agent-manager.sh"
REGISTRY_TAGS_URL="https://us-docker.pkg.dev/v2/prod-eng-fivetran-public-repos/public-docker-us/proxy-agent/tags/list"
WARNINGS=()
ERRORS=()
# ── Validation ───────────────────────────────────────────────────────────────
check_dependencies() {
if ! command -v curl >/dev/null 2>&1; then
ERRORS+=("Required dependency 'curl' is not installed or not found in PATH. Please install curl and re-run this installer.")
fi
}
check_docker_version() {
if ! command -v docker &> /dev/null; then
ERRORS+=("docker is not installed")
return
fi
local version_output
if ! version_output=$(docker --version 2>&1); then
ERRORS+=("Failed to execute 'docker --version'. Docker may not be functioning properly")
return
fi
local version
version=$(echo "$version_output" | awk '{print $3}' | sed 's/,$//')
if [ -z "$version" ]; then
WARNINGS+=("Unable to determine Docker version")
return
fi
if [ "$(printf '%s\n' "$MIN_DOCKER_VERSION" "$version" | sort -V | head -n1)" != "$MIN_DOCKER_VERSION" ]; then
ERRORS+=("Docker version $version does not meet the minimum requirement of $MIN_DOCKER_VERSION")
fi
if ! docker info >/dev/null 2>&1; then
ERRORS+=("Docker is installed but the Docker daemon is not accessible. Ensure that Docker is running and that your user has permission to access the Docker daemon (for example, by adding your user to the 'docker' group and then logging out and back in).")
return
fi
}
check_rootless_linger() {
if ! docker info --format '{{.SecurityOptions}}' 2>/dev/null | grep -qw "rootless"; then
return
fi
if ! command -v loginctl &> /dev/null; then
WARNINGS+=("Rootless Docker detected but loginctl is not available. The Proxy Agent officially supports systemd as the init system. Ensure the agent is configured to start on boot for your init system.")
return
fi
local user
user=${USER:-$(id -un)}
local linger_status
linger_status=$(loginctl show-user "$user" -p Linger --value 2>/dev/null || true)
if [ "$linger_status" != "yes" ]; then
WARNINGS+=("Rootless Docker detected but user linger is not enabled. Run 'sudo loginctl enable-linger $user' to ensure the agent starts automatically on system boot.")
fi
}
check_resources() {
local cpu_count
local total_mem_kb
if [ -f /proc/cpuinfo ]; then
cpu_count=$(grep -c "^processor" /proc/cpuinfo)
elif command -v nproc &> /dev/null; then
cpu_count=$(nproc)
else
WARNINGS+=("Unable to determine CPU count")
cpu_count=0
fi
if [ -f /proc/meminfo ]; then
total_mem_kb=$(grep "MemTotal" /proc/meminfo | awk '{print $2}')
else
WARNINGS+=("Unable to determine available memory")
total_mem_kb=0
fi
if [ "$cpu_count" -gt 0 ] && [ "$cpu_count" -lt "$MIN_RECOMMENDED_CPU_COUNT" ]; then
WARNINGS+=("CPU count ($cpu_count) is below the recommended minimum of $MIN_RECOMMENDED_CPU_COUNT")
fi
local total_mem_mb
if [ "$total_mem_kb" -gt 0 ]; then
total_mem_mb=$((total_mem_kb / 1024))
if [ "$total_mem_kb" -lt "$MIN_RECOMMENDED_RAM_KB" ]; then
WARNINGS+=("RAM (${total_mem_mb}MB) is below the recommended minimum of $((MIN_RECOMMENDED_RAM_KB / 1024))MB")
fi
fi
}
check_disk_space() {
local install_dir="$1"
local parent_dir
parent_dir=$(dirname "$install_dir")
if [ ! -d "$parent_dir" ]; then
return
fi
local df_output
if ! df_output=$(df -m "$parent_dir" 2>/dev/null); then
WARNINGS+=("Unable to determine available disk space for $parent_dir")
return
fi
local space_mb
space_mb=$(echo "$df_output" | awk 'NR==2 {print $4}')
if [ -z "$space_mb" ]; then
WARNINGS+=("Unable to determine available disk space for $parent_dir")
return
fi
if [ "$space_mb" -lt "$MIN_RECOMMENDED_DISK_SPACE_MB" ]; then
WARNINGS+=("Available disk space (${space_mb}MB) is below the recommended minimum of ${MIN_RECOMMENDED_DISK_SPACE_MB}MB")
fi
}
report_warnings_and_errors() {
if [ ${#WARNINGS[@]} -gt 0 ] || [ ${#ERRORS[@]} -gt 0 ]; then
if [ ${#WARNINGS[@]} -gt 0 ]; then
echo -e "\nWARNINGS:"
for warning in "${WARNINGS[@]}"; do
echo " - $warning"
done
fi
if [ ${#ERRORS[@]} -gt 0 ]; then
echo -e "\nERRORS:"
for error in "${ERRORS[@]}"; do
echo " - $error"
done
echo ""
die "Please resolve the above errors before proceeding."
fi
echo ""
fi
}
# ── Version resolution ───────────────────────────────────────────────────────
get_latest_version() {
local tags_json
tags_json=$(curl -s -f "$REGISTRY_TAGS_URL") || die "Unable to query image registry for latest version"
local version
version=$(echo "$tags_json" \
| grep -oE '"[0-9]+\.[0-9]+\.[0-9]+"' \
| tr -d '"' \
| sort -V \
| tail -1 \
|| true)
[ -n "$version" ] || die "Unable to determine latest proxy agent version"
echo "$version"
}
# ── Main ─────────────────────────────────────────────────────────────────────
main() {
local config_path=""
local install_dir="$DEFAULT_INSTALL_DIR"
while [ $# -gt 0 ]; do
case "$1" in
-h|--help)
usage
;;
--install-dir)
[ $# -ge 2 ] || die "--install-dir requires a value"
install_dir="$2"
shift 2
;;
-*)
die "Unknown option: $1"
;;
*)
[ -z "$config_path" ] || die "Unexpected argument: $1"
config_path="$1"
shift
;;
esac
done
if [ -z "${config_path:-}" ] && [ -z "${TOKEN:-}" ]; then
usage
fi
if [ -n "${config_path:-}" ] && [ ! -r "$config_path" ]; then
die "Config file not found or not readable: $config_path"
fi
# WebSocket agents (identified by proxy_server_uri) need a fresh gRPC-compatible config.
# Construct TOKEN from existing credentials to fetch one via the configure endpoint.
if [ -n "${config_path:-}" ] && [ -z "${TOKEN:-}" ] && grep -q '"proxy_server_uri"' "$config_path"; then
local agent_id auth_token
agent_id=$(extract_json_string "agent_id" "$config_path")
auth_token=$(extract_json_string "auth_token" "$config_path")
[ -n "$agent_id" ] && [ -n "$auth_token" ] \
|| die "Could not extract credentials from WebSocket config"
TOKEN=$(printf '%s:%s' "$agent_id" "$auth_token" | base64 | tr -d '\n')
config_path=""
echo "Detected WebSocket agent configuration. Fetching updated config from Fivetran..."
fi
echo -e "Installing Fivetran Proxy Agent...\n"
# Pre-flight checks
echo -n "Checking prerequisites... "
check_dependencies
check_docker_version
check_rootless_linger
check_resources
check_disk_space "$install_dir"
if [ ${#WARNINGS[@]} -eq 0 ] && [ ${#ERRORS[@]} -eq 0 ]; then
echo -e "OK\n"
else
echo ""
report_warnings_and_errors
fi
# Directory setup
if [ -d "$install_dir" ]; then
echo "$install_dir already exists, will re-use it."
else
mkdir -p "$install_dir"
fi
if [ ! -w "$install_dir" ]; then
die "Insufficient permissions to write to $install_dir"
fi
mkdir -p "$install_dir/config" "$install_dir/logs"
# Download management script from public repo
local tmp_script
tmp_script=$(mktemp "${install_dir}/${AGENT_SCRIPT}.XXXXXX")
if ! curl -fSsL --max-time 30 "$AGENT_SCRIPT_URL" -o "$tmp_script"; then
rm -f "$tmp_script"
die "Failed to download management script from $AGENT_SCRIPT_URL"
fi
chmod u+x "$tmp_script"
mv "$tmp_script" "$install_dir/$AGENT_SCRIPT"
# Bootstrap or copy config
if [ -z "${config_path:-}" ]; then
local api_url="${FIVETRAN_API_URL:-$DEFAULT_FIVETRAN_API_URL}"
echo "Fetching agent config from $api_url..."
local response
response=$(curl -sS -w "\n%{http_code}" \
-X POST \
-H "Authorization: Basic ${TOKEN}" \
-H "Accept: application/json" \
"${api_url}/proxy-agent/configure") || die "Failed to connect to configure endpoint"
# Extract status code (after last newline) and body (before last newline) using bash builtins
local http_code="${response##*$'\n'}"
local body="${response%$'\n'*}"
[ "$http_code" = "200" ] || die "Configure endpoint returned HTTP $http_code"
# umask 177 ensures the file is created with 600 permissions (no read/write for group/other)
(umask 177 && printf '%s' "$body" > "$install_dir/config/config.json")
else
(umask 177 && cat "$config_path" > "$install_dir/config/config.json")
echo "Config copied to $install_dir/config/config.json"
fi
# Resolve and pin version
echo "Resolving latest proxy agent version..."
local version
version=$(get_latest_version)
echo "$version" > "$install_dir/version"
echo "Using version $version"
# Start agent
echo "Changing current directory to $install_dir"
cd "$install_dir"
if ! ./$AGENT_SCRIPT start; then
echo "Installation complete, but agent failed to start."
echo "To try to start the agent again, run: ./$AGENT_SCRIPT start"
exit 1
fi
echo -e "\nInstallation complete."
echo "Install directory: $install_dir"
}
main "$@"