[wip] Test proxy before using it

2025-12-06 09:12:45 +01:00 · 2021-03-03 15:02:21 -05:00
parent 1ea3cb1c61
commit 3d5cf128ae
3 changed files with 47 additions and 3 deletions
--- a/setup/so-functions
+++ b/setup/so-functions
@@ -536,7 +536,8 @@ collect_patch_schedule_name_import() {
 }

 collect_proxy() {
-	if whiptail_proxy_ask; then
+	local ask=${1:-true}
+	if [[ $ask == true ]] && whiptail_proxy_ask; then

 		whiptail_proxy_addr

@@ -1748,7 +1749,6 @@ network_init_whiptail() {
 			whiptail_management_nic
 			;;
 	esac
-	collect_proxy
 }

 network_setup() {
@@ -1813,6 +1813,17 @@ print_salt_state_apply() {
 	echo "Applying $state Salt state"
 }

+proxy_validate() {
+	local test_url="https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/master/KEYS"
+	curl "$test_url" --proxy "$so_proxy" &> /dev/null
+	local ret=$?
+
+	if [[ $ret != 0 ]]; then
+		error "Could not reach $test_url using proxy $so_proxy"
+	fi
+	return $ret
+}
+
 reserve_group_ids() {
 	# This is a hack to fix CentOS from taking group IDs that we need
 	groupadd -g 928 kratos
@@ -2225,6 +2236,7 @@ set_path() {
 }

 set_proxy() {
+
 	# Don't proxy localhost, local ip, and management ip
 	local no_proxy_string="localhost, 127.0.0.1, ${MAINIP}"

@@ -2237,6 +2249,8 @@ set_proxy() {
 		echo "export no_proxy=\"${no_proxy_string}\""
 	} >> "$profile_d_config_file"

+	source "$profile_d_config_file"
+
 	[[ -d '/etc/systemd/system/docker.service.d' ]] || mkdir -p '/etc/systemd/system/docker.service.d'

 	# Create proxy config for dockerd 
--- a/setup/so-setup
+++ b/setup/so-setup
@@ -198,6 +198,14 @@ if ! [[ -f $install_opt_file ]]; then
 			printf '%s\n' \
 				"MNIC=$MNIC" \
 				"HOSTNAME=$HOSTNAME" > "$net_init_file"
+			if [[ $is_manager ]]; then
+				collect_proxy
+				while ! proxy_validate; do
+					whiptail_invalid_proxy
+					collect_proxy no_ask
+				done
+				[[ -n "$proxy_addr" ]] && set_proxy >> $setup_log 2>&1
+			fi
 			whiptail_net_setup_complete
 		else
 			whiptail_install_type
@@ -289,6 +297,15 @@ if ! [[ -f $install_opt_file ]]; then
 	if [[ $reinit_networking ]] || ! [[ -f $net_init_file ]]; then
 		network_init
 	fi
+
+	if [[ $is_manager ]]; then
+		collect_proxy
+		while ! proxy_validate; do
+			whiptail_invalid_proxy
+			collect_proxy no_ask
+		done
+		[[ -n "$proxy_addr" ]] && set_proxy >> $setup_log 2>&1
+	fi
 	
 	if [[ -n "$TURBO" ]]; then
 		use_turbo_proxy
--- a/setup/so-whiptail
+++ b/setup/so-whiptail
@@ -588,8 +588,21 @@ whiptail_invalid_input() { # TODO: This should accept a list of arguments to spe

 }

+whiptail_invalid_proxy() {
+	[ -n "$TESTING" ] && return
+
+	local message
+	read -r -d '' message <<- EOM
+	Could not reach test url using proxy ${so_proxy}. 
+	
+	Check log for details.
+	EOM
+
+	whiptail --title "Security Onion Setup" --msgbox "$message" 10 60
+}
+
 whiptail_invalid_string() {
-		[ -n "$TESTING" ] && return
+	[ -n "$TESTING" ] && return
 	
 	whiptail --title "Security Onion Setup" --msgbox "Invalid input, please try again.\n\nThe $1 cannot contain spaces." 9 45