rollover datastreams to get latest index templates + remove existing ilm policies from so-case / so-detection indices

salt/common/tools/sbin/so-common

@@ -550,6 +550,22 @@ retry() {
         return $exitcode
 }
 
+rollover_index() {
+  idx=$1
+  exists=$(so-elasticsearch-query $idx -o /dev/null -w "%{http_code}")
+  if [[ $exists -eq 200 ]]; then
+    rollover=$(so-elasticsearch-query $idx/_rollover -o /dev/null -w "%{http_code}" -XPOST)
+
+    if [[ $rollover -eq 200 ]]; then
+      echo "Successfully triggered rollover for $idx..."
+    else
+      echo "Could not trigger rollover for $idx..."
+    fi
+  else
+    echo "Could not find index $idx..."
+  fi
+}
+
 run_check_net_err() {
 	local cmd=$1
 	local err_msg=${2:-"Unknown error occured, please check /root/$WHATWOULDYOUSAYYAHDOHERE.log for details."} # Really need to rename that variable

salt/manager/tools/sbin/soup

@@ -403,7 +403,15 @@ migrate_pcap_to_suricata() {
 }
 
 post_to_3.0.0() {
-  echo "Nothing to apply"
+  for idx in "logs-idh-so" "logs-redis.log-default"; do
+    rollover_index "$idx"
+  done
+
+  # Remove ILM for so-case and so-detection indices
+  for idx in "so-case" "so-casehistory" "so-detection" "so-detectionhistory"; do
+    so-elasticsearch-query $idx/_ilm/remove -XPOST
+  done
+
   POSTVERSION=3.0.0
 }