We would like to do unattended installs of the Okta RADIUS Agent on Linux.
I know this is officially unsupported (which is inconceivable to me):
https://support.okta.com/help/s/article/Can-Linux-RADIUS-agent-be-set-up-for-unattended-installation?language=en_US
Unattended installation of the Linux Radius Agent currently is not supported.
The root cause of the problem is that the RPM’s post-install script contains these lines:
if ! exec </dev/tty; then
echo -e "\nERROR: Failed to redirect user input to the console\n"
exit 2
fi
Those lines force the install to be run interactively.
We’ve tried this:
It doesn’t quite work. We adapted it to handle the changed directories in the installer and remove some lines from configure.sh that require a functional /dev/tty (an interactive shell session).
Here is our best attempt (which works, but is likely to break with small changes to the post-install):
rpmfile=$(mktemp)
curl "$download_url" --output "$rpmfile"
cd /
rpm2cpio "$rpmfile" | cpio -idmv
chmod -R 755 ./opt/okta ./var/lib/ragent/
chown -R OktaRadiusService:OktaRadiusService ./opt/okta ./var/lib/ragent/
sed -i '11,15d' ./opt/okta/ragent/scripts/configure.sh
./opt/okta/ragent/scripts/configure.sh
This works and can run in cloud-init. It will pause and periodically log the OAuth link to authenticate the agent. If you visit that link and authenticate the agent install completes and the agent works as expected.
We really don’t like the sed there. It’s very brittle. We could get clever with AWK or Python to make it less brittle. We could include our own modified configure.sh script potentially. Any of these potentially break with changes to the agent install.
Has anyone done an unattended Okta RADIUS Agent install on Linux?