From a323aeb8fad1a0d55272ffc45b60b875c465dfef Mon Sep 17 00:00:00 2001 From: Jason Ertel Date: Wed, 16 Jun 2021 14:23:58 -0400 Subject: [PATCH 1/2] Allow so-elastic-auth to run before common even though the script has dependency on a common-provided script (benign error). This is needed first since common will need to know if auth is enabled --- salt/common/tools/sbin/so-elastic-auth | 2 +- setup/so-setup | 8 ++++---- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/salt/common/tools/sbin/so-elastic-auth b/salt/common/tools/sbin/so-elastic-auth index d4b8057a3..9e2843b5c 100644 --- a/salt/common/tools/sbin/so-elastic-auth +++ b/salt/common/tools/sbin/so-elastic-auth @@ -15,7 +15,7 @@ # You should have received a copy of the GNU General Public License # along with this program. If not, see . -. /usr/sbin/so-common +. /usr/sbin/so-common 2> /dev/null ES_AUTH_PILLAR=${ELASTIC_AUTH_PILLAR:-/opt/so/saltstack/local/pillar/elasticsearch/auth.sls} ES_USERS_FILE=${ELASTIC_USERS_FILE:-/opt/so/saltstack/local/salt/elasticsearch/files/users} diff --git a/setup/so-setup b/setup/so-setup index f5f32f3d4..34802fef9 100755 --- a/setup/so-setup +++ b/setup/so-setup @@ -751,6 +751,10 @@ echo "1" > /root/accept_changes set_progress_str 60 "$(print_salt_state_apply 'manager')" salt-call state.apply -l info manager >> $setup_log 2>&1 + + echo "Executing so-elastic-auth..." >> $setup_log 2>&1 + ELASTIC_AUTH_SKIP_HIGHSTATE=true bash /opt/so/saltstack/default/salt/common/tools/sbin/so-elastic-auth >> $setup_log 2>&1 + echo "Finished so-elastic-auth..." >> $setup_log 2>&1 fi set_progress_str 61 "$(print_salt_state_apply 'firewall')" @@ -770,10 +774,6 @@ echo "1" > /root/accept_changes fi if [[ $is_manager || $is_helix || $is_import ]]; then - echo "Executing so-elastic-auth..." >> $setup_log 2>&1 - ELASTIC_AUTH_SKIP_HIGHSTATE=true bash /usr/sbin/so-elastic-auth >> $setup_log 2>&1 - echo "Finished so-elastic-auth..." >> $setup_log 2>&1 - set_progress_str 63 "$(print_salt_state_apply 'idstools')" create_local_nids_rules >> $setup_log 2>&1 salt-call state.apply -l info idstools >> $setup_log 2>&1 From fefd2677fb7122997da835b7be883a4edaf352af Mon Sep 17 00:00:00 2001 From: Jason Ertel Date: Wed, 16 Jun 2021 14:26:26 -0400 Subject: [PATCH 2/2] Only include so-common if available. It only is used for requiring root, but since this script is needed before common is installed, we can safely assume that it's being run as root already (during the install) --- salt/common/tools/sbin/so-elastic-auth | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/salt/common/tools/sbin/so-elastic-auth b/salt/common/tools/sbin/so-elastic-auth index 9e2843b5c..f6c19d76f 100644 --- a/salt/common/tools/sbin/so-elastic-auth +++ b/salt/common/tools/sbin/so-elastic-auth @@ -15,7 +15,9 @@ # You should have received a copy of the GNU General Public License # along with this program. If not, see . -. /usr/sbin/so-common 2> /dev/null +if [ -f "/usr/sbin/so-common" ]; then + . /usr/sbin/so-common +fi ES_AUTH_PILLAR=${ELASTIC_AUTH_PILLAR:-/opt/so/saltstack/local/pillar/elasticsearch/auth.sls} ES_USERS_FILE=${ELASTIC_USERS_FILE:-/opt/so/saltstack/local/salt/elasticsearch/files/users}