Fix verify so copying sigma rules isnt fail

salt/elasticfleet/install_agent_grid.sls

@@ -10,6 +10,7 @@
 run_installer:
   cmd.script:
     - name: salt://elasticfleet/files/so_agent-installers/so-elastic-agent_linux
+    - cwd: /opt/so
     - args: -token={{ GRIDNODETOKEN }}
 
 {% endif %}

salt/elasticfleet/tools/sbin_jinja/so-elastic-agent-gen-installers

@@ -4,52 +4,60 @@
 # or more contributor license agreements. Licensed under the Elastic License 2.0; you may not use
 # this file except in compliance with the Elastic License 2.0.
 
-#so-elastic-agent-gen-installers $FleetHost $EnrollmentToken 
+#so-elastic-agent-gen-installers $FleetHostURLs $EnrollmentToken 
 
 {% from 'vars/globals.map.jinja' import GLOBALS %}
 
 . /usr/sbin/so-common
 
+for i in {1..30}
+do
    ENROLLMENTOKEN=$(curl -K /opt/so/conf/elasticsearch/curl.config -L "localhost:5601/api/fleet/enrollment_api_keys" -H 'kbn-xsrf: true' -H 'Content-Type: application/json'  | jq .list | jq -r -c '.[] | select(.policy_id | contains("endpoints")) | .api_key')
+   FLEETHOST=$(curl -K /opt/so/conf/elasticsearch/curl.config 'http://localhost:5601/api/fleet/fleet_server_hosts' | jq -r  '.items[].host_urls[]' | paste -sd ',')
+if [[ $FLEETHOST ]] && [[  $ENROLLMENTOKEN ]]; then break; else sleep 10; fi
+done
+if [[ -z $FLEETHOST ]] || [[ -z $ENROLLMENTOKEN ]]; then printf "\nFleet Host URL or Enrollment Token empty - exiting..." && exit; fi
 
-#FLEETHOST=$(lookup_pillar "server:url" "elasticfleet")
-FLEETHOST="{{ GLOBALS.manager_ip }}"
+OSARCH=( "linux-x86_64" "windows-x86_64" "darwin-x86_64" "darwin-aarch64" )
 
-#FLEETHOST=$1
-#ENROLLMENTOKEN=$2
-TARGETOS=( "linux" "darwin" "windows" )
+printf  "\n### Creating a temp directory at /nsm/elastic-agent-workspace\n"
+rm -rf /nsm/elastic-agent-workspace
+mkdir -p /nsm/elastic-agent-workspace
 
-printf  "\n### Get rid of any previous runs\n"
-rm -rf /tmp/elastic-agent-workspace
-mkdir -p /tmp/elastic-agent-workspace
-
-printf "\n### Extract outer tarball and then each individual tarball/zip\n"
-tar -xf /nsm/elastic-fleet/artifacts/elastic-agent_SO-{{ GLOBALS.so_version }}.tar.gz -C /tmp/elastic-agent-workspace/
-unzip /tmp/elastic-agent-workspace/elastic-agent-*.zip -d /tmp/elastic-agent-workspace/
-for archive in /tmp/elastic-agent-workspace/*.tar.gz
+printf "\n### Extracting outer tarball and then each individual tarball/zip\n"
+tar -xf /nsm/elastic-fleet/artifacts/elastic-agent_SO-{{ GLOBALS.so_version }}.tar.gz -C /nsm/elastic-agent-workspace/
+unzip -q /nsm/elastic-agent-workspace/elastic-agent-*.zip -d /nsm/elastic-agent-workspace/
+for archive in /nsm/elastic-agent-workspace/*.tar.gz
 do
-  tar xf "$archive" -C /tmp/elastic-agent-workspace/
+  printf "\nExtracting $archive..."
+  tar xf "$archive" -C /nsm/elastic-agent-workspace/
 done 
 
-printf "\n### Strip out unused components"
-find /tmp/elastic-agent-workspace/elastic-agent-*/data/elastic-agent-*/components -regex '.*fleet.*\|.*packet.*\|.*apm*.*\|.*audit.*\|.*heart.*\|.*cloud.*' -delete 
+printf "\n### Stripping out unused components"
+find /nsm/elastic-agent-workspace/elastic-agent-*/data/elastic-agent-*/components -regex '.*fleet.*\|.*packet.*\|.*apm*.*\|.*audit.*\|.*heart.*\|.*cloud.*' -delete 
 
-printf "\n### Tar everything up again"
-for OS in "${TARGETOS[@]}"
+printf "\n### Tarring everything up again"
+for OS in "${OSARCH[@]}"
 do 
-  rm -rf /tmp/elastic-agent-workspace/elastic-agent
-  mv /tmp/elastic-agent-workspace/elastic-agent-*-$OS-x86_64 /tmp/elastic-agent-workspace/elastic-agent
-  tar -czvf /tmp/elastic-agent-workspace/$OS.tar.gz  -C /tmp/elastic-agent-workspace elastic-agent
+  printf "\nCreating tarball for $OS..."
+  rm -rf /nsm/elastic-agent-workspace/elastic-agent
+  mv /nsm/elastic-agent-workspace/elastic-agent-*-$OS /nsm/elastic-agent-workspace/elastic-agent
+  tar -czf /nsm/elastic-agent-workspace/$OS.tar.gz  -C /nsm/elastic-agent-workspace elastic-agent
 done 
 
-printf "\n### Generate OS packages using the cleaned up tarballs"
-for OS in "${TARGETOS[@]}"
+GOTARGETOS=( "linux" "windows" "darwin" "darwin/arm64" )
+GOARCH="amd64"
+printf "\n### Generating OS packages using the cleaned up tarballs"for GOOS in "${GOTARGETOS[@]}"
 do
-    printf "\n\n### Generating $OS Installer...\n"
-    docker run -e CGO_ENABLED=0 -e GOOS=$OS \
+    if [[ $GOOS == 'darwin/arm64' ]]; then GOOS="darwin" && GOARCH="arm64"; fi
+    printf "\n\n### Generating $GOOS/$GOARCH Installer...\n"
+    docker run -e CGO_ENABLED=0 -e GOOS=$GOOS -e GOARCH=$GOARCH \
     --mount type=bind,source=/etc/ssl/certs/,target=/workspace/files/cert/ \
-    --mount type=bind,source=/tmp/elastic-agent-workspace/,target=/workspace/files/elastic-agent/ \
+    --mount type=bind,source=/nsm/elastic-agent-workspace/,target=/workspace/files/elastic-agent/ \
     --mount type=bind,source=/opt/so/saltstack/local/salt/elasticfleet/files/so_agent-installers/,target=/output/ \
-    {{ GLOBALS.registry_host }}:5000/{{ GLOBALS.image_repo }}/so-elastic-agent-builder:{{ GLOBALS.so_version }} go build -ldflags "-X main.fleetHost=$FLEETHOST -X main.enrollmentToken=$ENROLLMENTOKEN"  -o /output/so-elastic-agent_$OS
-    printf "\n### $OS Installer Generated...\n"
+    {{ GLOBALS.registry_host }}:5000/{{ GLOBALS.image_repo }}/so-elastic-agent-builder:{{ GLOBALS.so_version }} go build -ldflags "-X main.fleetHostURLsList=$FLEETHOST -X main.enrollmentToken=$ENROLLMENTOKEN"  -o /output/so-elastic-agent_${GOOS}_${GOARCH}
+    printf "\n### $GOOS/$GOARCH Installer Generated...\n"
 done
+
+printf "\n### Cleaning up temp files in /nsm/elastic-agent-workspace"
+rm -rf /nsm/elastic-agent-workspace

setup/so-functions

@@ -904,7 +904,7 @@ create_manager_pillars() {
 	influxdb_pillar
 	logrotate_pillar
 	patch_pillar
-
+	nginx_pillar
 }
 
 create_repo() {
@@ -967,7 +967,7 @@ download_elastic_agent_artifacts() {
 	else
 		logCmd "mkdir -p /nsm/elastic-fleet/artifacts/beats/elastic-agent/"
 		logCmd "curl --retry 5 --retry-delay 60 https://repo.securityonion.net/file/so-repo/prod/2.4/elasticagent/elastic-agent_SO-$SOVERSION.tar.gz --output /nsm/elastic-fleet/artifacts/elastic-agent_SO-$SOVERSION.tar.gz"
-		logCmd "tar -xf /nsm/elastic-fleet/artifacts/beats/elastic-agent_SO-$SOVERSION.tar.gz -C /nsm/elastic-fleet/artifacts/beats/elastic-agent/"
+		logCmd "tar -xf /nsm/elastic-fleet/artifacts/elastic-agent_SO-$SOVERSION.tar.gz -C /nsm/elastic-fleet/artifacts/beats/elastic-agent/"
 	fi
 }
 
@@ -1389,6 +1389,19 @@ idstools_pillar() {
 	touch $adv_idstools_pillar_file
 }
 
+nginx_pillar() {
+	title "Creating the NGINX pillar"
+	[[ -z "$TESTING" ]] && return
+
+	# When testing, set the login rate limiting to high values to avoid failing automated logins
+	printf '%s\n'\
+		"nginx:"\
+		"  config:"\
+		"    throttle_login_burst: 9999"\
+		"    throttle_login_rate: 9999"\
+		"" > "$nginx_pillar_file"
+}
+
 soc_pillar() {
 	title "Creating the SOC pillar"
 	touch $adv_soc_pillar_file

setup/so-verify

@@ -32,8 +32,6 @@ log_has_errors() {
     # Ignore Failed: 0 since that is the salt state output, and we detect state failures
     # via Result: False already.
     
-    # Ignore "/tmp/__salt.tmp." and "retcode: 126" as they seem to be related to a transient issue with the elastic agent for linux
-
     grep -E "FAILED|Failed|failed|ERROR|Result: False" "$setup_log" | \
         grep -vE "The Salt Master has cached the public key for this node" | \
         grep -vE "Minion failed to authenticate with the master" | \
@@ -46,9 +44,6 @@ log_has_errors() {
         grep -vE "Exception in callback None" | \
         grep -vE "deprecation: ERROR" | \
         grep -vE "code: 100" | \
-        grep -vE "/tmp/__salt.tmp." | \
-        grep -vE "retcode: 126" | \
-        grep -vE "/nsm/repo/rules/sigma/rules*" | \
         grep -vE "Running scope as unit" &> "$error_log"
     
     if [[ $? -eq 0 ]]; then