remove jinja from soup scripts

2025-12-06 17:22:49 +01:00 · 2022-01-24 15:49:55 -05:00
parent 86cfa07af9
commit 268e07e2a2
4 changed files with 28 additions and 43 deletions
--- a/salt/common/init.sls
+++ b/salt/common/init.sls
@@ -4,8 +4,9 @@
 {% set role = grains.id.split('_') | last %}
 {% from 'elasticsearch/auth.map.jinja' import ELASTICAUTH with context %}

-{% if grains.role in ['so-eval', 'so-manager', 'so-standalone', 'so-managersearch', 'so-import'] %}
 include:
+  - common.soup_scripts
+{% if grains.role in ['so-eval', 'so-manager', 'so-standalone', 'so-managersearch', 'so-import'] %}
  - manager.elasticsearch # needed for elastic_curl_config state
 {% endif %}

@@ -214,6 +215,11 @@ utilsyncscripts:
        ELASTICCURL: 'curl'
    - context:
        ELASTICCURL: {{ ELASTICAUTH.elasticcurl }}
+    - exclude_pat:
+        - so-common
+        - so-firewall
+        - so-image-common
+        - soup

 {% if role in ['eval', 'standalone', 'sensor', 'heavynode'] %}
 # Add sensor cleanup
--- a/salt/common/soup_scripts.sls
+++ b/salt/common/soup_scripts.sls
@@ -0,0 +1,13 @@
+# Sync some Utilities
+soup_scripts:
+  file.recurse:
+    - name: /usr/sbin
+    - user: root
+    - group: root
+    - file_mode: 755
+    - source: salt://common/tools/sbin
+    - include_pat:
+        - so-common
+        - so-firewall
+        - so-image-common
+        - soup
--- a/salt/common/tools/sbin/so-common
+++ b/salt/common/tools/sbin/so-common
@@ -517,8 +517,6 @@ valid_int() {
 	[[ $num =~ ^[0-9]*$ ]] && [[ $num -ge $min ]] && [[ $num -le $max ]] && return 0 || return 1
 }

-# {% raw %}
-
 valid_proxy() {
 	local proxy=$1
 	local url_prefixes=( 'http://' 'https://' )
@@ -561,8 +559,6 @@ valid_string() {
 	echo "$str" | grep -qP '^\S+$' && [[ ${#str} -ge $min_length ]] && [[ ${#str} -le $max_length ]] && return 0 || return 1
 }

-# {% endraw %}
-
 valid_username() {
 	local user=$1

--- a/salt/common/tools/sbin/soup
+++ b/salt/common/tools/sbin/soup
@@ -195,8 +195,6 @@ check_airgap() {
  fi
 }

-# {% raw %}
-
 check_local_mods() {
  local salt_local=/opt/so/saltstack/local

@@ -224,8 +222,6 @@ check_local_mods() {
  fi
 }

-# {% endraw %}
-
 check_pillar_items() {
  local pillar_output=$(salt-call pillar.items --out=json)

@@ -663,9 +659,6 @@ up_to_2.3.90() {
    fi
  done
  
-  # There was a bug in 2.3.0 so-firewall addhostgroup that was resolved in 2.3.1 - commit 32294eb2ed30ac74b15bb4bfab687084a928daf2
-  echo "Verify so-firewall is up to date"
-  verify_latest_so-firewall_script
  # Create Endgame Hostgroup
  echo "Adding endgame hostgroup with so-firewall"
  if so-firewall addhostgroup endgame 2>&1 | grep -q 'Already exists'; then
@@ -889,47 +882,24 @@ update_repo() {
 }

 verify_latest_update_script() {
-  #we need to render soup and so-common first since they contain jinja
-  salt-call slsutil.renderer $UPDATE_DIR/salt/common/tools/sbin/soup default_renderer='jinja' --local --out=newline_values_only --out-indent=-4 --out-file=/tmp/soup
-  sed -i -e '$a\' /tmp/soup
-  salt-call slsutil.renderer $UPDATE_DIR/salt/common/tools/sbin/so-common default_renderer='jinja' --local --out=newline_values_only --out-indent=-4 --out-file=/tmp/so-common
-  sed -i -e '$a\' /tmp/so-common
  # Check to see if the update scripts match. If not run the new one.
  CURRENTSOUP=$(md5sum /usr/sbin/soup | awk '{print $1}')
-  GITSOUP=$(md5sum /tmp/soup | awk '{print $1}')
+  GITSOUP=$(md5sum $UPDATE_DIR/salt/common/tools/sbin/soup | awk '{print $1}')
  CURRENTCMN=$(md5sum /usr/sbin/so-common | awk '{print $1}')
-  GITCMN=$(md5sum /tmp/so-common | awk '{print $1}')
+  GITCMN=$(md5sum $UPDATE_DIR/salt/common/tools/sbin/so-common | awk '{print $1}')
  CURRENTIMGCMN=$(md5sum /usr/sbin/so-image-common | awk '{print $1}')
  GITIMGCMN=$(md5sum $UPDATE_DIR/salt/common/tools/sbin/so-image-common | awk '{print $1}')
-
-  if [[ "$CURRENTSOUP" == "$GITSOUP" && "$CURRENTCMN" == "$GITCMN" && "$CURRENTIMGCMN" == "$GITIMGCMN" ]]; then
-    echo "This version of the soup script is up to date. Proceeding."
-    rm -f /tmp/soup /tmp/so-common
-  else
-    echo "You are not running the latest soup version. Updating soup and its components. Might take multiple runs to complete"
-    cp $UPDATE_DIR/salt/common/tools/sbin/soup $DEFAULT_SALT_DIR/salt/common/tools/sbin/
-    cp $UPDATE_DIR/salt/common/tools/sbin/so-common $DEFAULT_SALT_DIR/salt/common/tools/sbin/
-    cp $UPDATE_DIR/salt/common/tools/sbin/so-image-common $DEFAULT_SALT_DIR/salt/common/tools/sbin/
-    salt-call state.apply -l info common queue=True
-    echo ""
-    echo "soup has been updated. Please run soup again."
-    exit 0
-  fi
-}
-
-verify_latest_so-firewall_script() {
-  # Check to see if the so-firewall script matches. If not run the new one.
  CURRENTSOFIREWALL=$(md5sum /usr/sbin/so-firewall | awk '{print $1}')
  GITSOFIREWALL=$(md5sum $UPDATE_DIR/salt/common/tools/sbin/so-firewall | awk '{print $1}')

-  if [[ "$CURRENTSOFIREWALL" == "$GITSOFIREWALL" ]]; then
-    echo "This version of the so-firewall script is up to date. Proceeding."
+  if [[ "$CURRENTSOUP" == "$GITSOUP" && "$CURRENTCMN" == "$GITCMN" && "$CURRENTIMGCMN" == "$GITIMGCMN" && "$CURRENTSOFIREWALL" == "$GITSOFIREWALL" ]]; then
+    echo "This version of the soup script is up to date. Proceeding."
  else
-    echo "You are not running the latest version of so-firewall. Updating so-firewall."
-    cp $UPDATE_DIR/salt/common/tools/sbin/so-firewall $DEFAULT_SALT_DIR/salt/common/tools/sbin/
-    cp $UPDATE_DIR/salt/common/tools/sbin/so-firewall /usr/sbin/
+    echo "You are not running the latest soup version. Updating soup and its components. Might take multiple runs to complete"
+    salt-call state.apply common.soup_scripts queue=True -linfo --file-root=$UPDATE_DIR/salt
    echo ""
-    echo "so-firewall has been updated."
+    echo "soup has been updated. Please run soup again."
+    exit 0
  fi
 }