[teleport-update] Support for CentOS 7

[sclevine]

The teleport-update binary uses systemctl commands that are not supported on CentOS 7. Although CentOS 7 is EOL and no longer receiving security patches as of June 2024, Teleport v17 is currently documented to support it.

These commands include list-unit-files, is-enabled, and the --now flag.

This PR avoids executing those commands when systemd is too old to support them. Edit: due to backports of the most of the functionality above, the last published version of CentOS 7 is fully-functional aside from a few missing warnings. I still plan to merge this PR to protect against unexpected behavior on Linux distros with older versions of systemd.

Additionally, this PR simplifies the uninstallation workflow by allowing a stopped but enabled teleport systemd service to be removed. This behavior is more logical, and avoids is-enabled.

---

changelog: Improve support for teleport-update on CentOS 7 and distros with older SystemD versions.

---

The teleport-update binary will be used to enable, disable, and trigger automatic Teleport agent updates. The new auto-updates system manages a local installation of the cluster-specified version of Teleport stored in /opt/teleport.

RFD: #47126
Goal (internal): https://github.com/gravitational/cloud/issues/11856

[sclevine]

Confusingly, after more extensive testing, it appears that a number of these commands are implemented in the last release of centos7, even though the systemd version reports 219 via systemctl --version. --now and is-enabled appear to work as specified in later versions of systemd.

They seem to be backported incompletely, as list-unit-files always returns 0, breaking some features, so I'm going to merge this regardless. (edit: looks like this was a bug that was fixed: systemd/systemd#15191)

CC: @hugoShaka

[hugoShaka]

It looks like both RHEL7 and CentOS7 have systemctl enable --now:

$ docker run -it --rm centos:7 bash -c "systemctl enable --help | grep now"
     --now            Start or stop unit in addition to enabling or disabling it

$ [root@hugo-autoupdate-test-rhel7 ec2-user]# cat /etc/redhat-release 
Red Hat Enterprise Linux Server release 7.9 (Maipo)

$ [root@hugo-autoupdate-test-rhel7 ec2-user]# systemctl enable --help | grep "now"
     --now            Start or stop unit in addition to enabling or disabling it

Note: they do both run systemd 219, so I suppose we either misunderstood when --now was introduced, or they did fun backports (likely as we're talking about RedHat).

Do we still want to do this change>

[sclevine]

--now was added in 220: https://www.freedesktop.org/software/systemd/man/latest/systemctl.html#--now

Since we're aiming to support a wide range of distros, and older versions of rhel7/centos7 will not have the backport, it seems safer to stick to the spec and check the version for any APIs that have version requirements.

[public-teleport-github-review-bot]

@sclevine See the table below for backport results.

Branch	Result
branch/v17	Create PR