influx upgrade

2025-12-09 10:42:54 +01:00 · 2023-02-13 14:56:51 -05:00
parent 7b3acd53a1
commit 1fa8294ee6
3 changed files with 70 additions and 29 deletions
--- a/salt/common/tools/sbin/so-influxdb-manage
+++ b/salt/common/tools/sbin/so-influxdb-manage
@@ -18,6 +18,8 @@ usage() {
    echo "  userenable     Enables a user, requires: <email>"
    echo "  userdisable    Disables a user, requires: <email>"
    echo "  userpass       Updates a user's password, requires: <email>"
+    echo "  userpromote    Promotes a user to admin: <email>"
+    echo "  userdemote     Demotes a user from admin: <email>"
    echo ""
    echo "If required, the password will be read from STDIN."
    exit 1
@@ -27,13 +29,14 @@ if [ $# -lt 1 ]; then
  usage
 fi

+COMMAND=$(basename $0)
 OP=$1
 shift

 set -eo pipefail

 log() {
-  echo -e "$(date) | InfluxDB | $@" >&2
+  echo -e "$(date) | $COMMAND | $@" >&2
 }

 check_response() {
@@ -61,17 +64,6 @@ lookup_user_id() {
  echo "$uid"
 }

-lookup_org_id() {
-  response=$(request orgs?limit=100)
-  check_response "$response"
-  oid=$(echo "$response" | jq -r ".orgs[] | select(.name == \"Security Onion\").id")
-  if [[ -z "$oid" ]]; then
-    log "Organization not found"
-    exit 1
-  fi
-  echo "$oid"
-}
-
 lookup_stack_id() {
  oid=$1

@@ -86,15 +78,6 @@ lookup_stack_id() {
  echo "$stackid"
 }

-add_user_to_org() {
-  uid=$1
-  oid=$2
-
-  log "Adding new user to organization"
-  response=$(request orgs/$oid/members -X POST -d "{\"id\":\"$uid\"}")
-  check_response "$response"
-}
-
 change_password() {
  uid=$1

@@ -137,6 +120,30 @@ setup_bucket() {
  check_response "$response"
 }

+lookup_org_id_with_wait() {
+  max_attempts=30
+  attempts=0
+  wait=10
+  while [[ $attempts -lt $max_attempts ]]; do
+    response=$(request orgs?org=Security+Onion)
+    check_response "$response"
+    oid=$(echo "$response" | jq -r ".orgs[] | select(.name == \"Security Onion\").id")
+    if [[ -z $oid ]]; then
+      attempts=$((attempts+1))
+      log "Server does not appear to be running or fully initialized - will try again in $wait seconds ($attempts / $max_attempts)"
+      sleep $wait
+    else
+      echo "$oid"
+      return
+    fi
+  done
+  
+  log "Server has not started after $max_attempts attempts - aborting"
+  exit 1
+}
+
+oid=$(lookup_org_id_with_wait)
+
 case "$OP" in

  setup)
@@ -146,7 +153,6 @@ case "$OP" in
    newest=$(ls -1t /opt/so/conf/influxdb/templates/ | head -1)
    if [ /opt/so/conf/influxdb/templates/$newest -nt /opt/so/conf/influxdb/last_template_setup ]; then
      log "Updating templates"
-      oid=$(lookup_org_id)
      stackid=$(lookup_stack_id "$oid")
      for file in /opt/so/conf/influxdb/templates/*; do
        if [[ "$templates_array" != "" ]]; then
@@ -164,7 +170,6 @@ case "$OP" in
    # Setup buckets and retention periods if at least one has been modified since the last setup
    if [ /opt/so/conf/influxdb/buckets.json -nt /opt/so/conf/influxdb/last_bucket_setup ]; then
      log "Updating buckets and retention periods"
-      oid=$(lookup_org_id)
      for rp in so_short_term so_long_term; do
        bucket=telegraf/$rp
        log "Ensuring bucket is created and configured; bucket=$bucket"
@@ -189,11 +194,14 @@ case "$OP" in
    [ $# -ne 1 ] && usage
    email=$1
    log "Adding new user; email=$email"
-    oid=$(lookup_org_id)
    response=$(request users -X POST -d "{\"name\":\"$email\"}")
    check_response "$response"
    uid=$(echo "$response" | jq -r .id)
-    add_user_to_org "$uid" "$oid"
+
+    log "Adding new user to organization"
+    response=$(request orgs/$oid/members -X POST -d "{\"id\":\"$uid\"}")
+    check_response "$response"
+
    change_password "$uid"
    ;;

@@ -232,6 +240,26 @@ case "$OP" in
    check_response "$response"
    ;;

+  userpromote)
+    [ $# -ne 1 ] && usage
+    email=$1
+    log "Promoting user to admin; email=$email"
+    uid=$(lookup_user_id "$email")
+    response=$(request orgs/$oid/members/$uid -X DELETE)
+    response=$(request orgs/$oid/owners -X POST -d "{\"id\":\"$uid\"}")
+    check_response "$response"
+    ;;
+
+  userdemote)
+    [ $# -ne 1 ] && usage
+    email=$1
+    log "Demoting user from admin; email=$email"
+    uid=$(lookup_user_id "$email")
+    response=$(request orgs/$oid/owners/$uid -X DELETE)
+    response=$(request orgs/$oid/members -X POST -d "{\"id\":\"$uid\"}")
+    check_response "$response"
+    ;;
+
  *)
    usage
    ;;