From 3efaba11041df34e3bb74762241e013229c4238e Mon Sep 17 00:00:00 2001 From: m0duspwnens Date: Tue, 13 Feb 2024 11:04:26 -0500 Subject: [PATCH] modify soup to update soup scripts without using salt --- salt/common/init.sls | 13 ++++++++++++- salt/common/soup_scripts.sls | 23 ----------------------- salt/manager/tools/sbin/soup | 23 ++++++++--------------- 3 files changed, 20 insertions(+), 39 deletions(-) delete mode 100644 salt/common/soup_scripts.sls diff --git a/salt/common/init.sls b/salt/common/init.sls index 5f13c3893..51836daf6 100644 --- a/salt/common/init.sls +++ b/salt/common/init.sls @@ -4,7 +4,6 @@ {% from 'vars/globals.map.jinja' import GLOBALS %} include: - - common.soup_scripts - common.packages {% if GLOBALS.role in GLOBALS.manager_roles %} - manager.elasticsearch # needed for elastic_curl_config state @@ -134,6 +133,18 @@ common_sbin_jinja: - file_mode: 755 - template: jinja +{% if not GLOBALS.is_manager%} +# prior to 2.4.50 these scripts were in common/tools/sbin on the manager because of soup and distributed to non managers +# these two states remove the scripts from non manager nodes +remove_soup: + file.absent: + - name: /usr/sbin/soup + +remove_so-firewall: + file.absent: + - name: /usr/sbin/so-firewall +{% endif %} + so-status_script: file.managed: - name: /usr/sbin/so-status diff --git a/salt/common/soup_scripts.sls b/salt/common/soup_scripts.sls deleted file mode 100644 index 041649200..000000000 --- a/salt/common/soup_scripts.sls +++ /dev/null @@ -1,23 +0,0 @@ -# Sync some Utilities -soup_scripts: - file.recurse: - - name: /usr/sbin - - user: root - - group: root - - file_mode: 755 - - source: salt://common/tools/sbin - - include_pat: - - so-common - - so-image-common - -soup_manager_scripts: - file.recurse: - - name: /usr/sbin - - user: root - - group: root - - file_mode: 755 - - source: salt://manager/tools/sbin - - include_pat: - - so-firewall - - so-repo-sync - - soup diff --git a/salt/manager/tools/sbin/soup b/salt/manager/tools/sbin/soup index 600cb5d4e..3254a61dd 100755 --- a/salt/manager/tools/sbin/soup +++ b/salt/manager/tools/sbin/soup @@ -794,21 +794,14 @@ verify_latest_update_script() { echo "This version of the soup script is up to date. Proceeding." else echo "You are not running the latest soup version. Updating soup and its components. This might take multiple runs to complete." - cp $UPDATE_DIR/salt/manager/tools/sbin/soup $DEFAULT_SALT_DIR/salt/manager/tools/sbin/ - cp $UPDATE_DIR/salt/common/tools/sbin/so-common $DEFAULT_SALT_DIR/salt/common/tools/sbin/ - cp $UPDATE_DIR/salt/common/tools/sbin/so-image-common $DEFAULT_SALT_DIR/salt/common/tools/sbin/ - cp $UPDATE_DIR/salt/manager/tools/sbin/so-firewall $DEFAULT_SALT_DIR/salt/manager/tools/sbin/ - salt-call state.apply common.soup_scripts queue=True -linfo --file-root=$UPDATE_DIR/salt --local - # Verify that soup scripts updated as expected - get_soup_script_hashes - if [[ "$CURRENTSOUP" == "$GITSOUP" && "$CURRENTCMN" == "$GITCMN" && "$CURRENTIMGCMN" == "$GITIMGCMN" && "$CURRENTSOFIREWALL" == "$GITSOFIREWALL" ]]; then - echo "Succesfully updated soup scripts." - else - # When STIGs are enabled soup scripts will fail to update using --file-root --local. - # After checking that the expected hashes are not present, retry updating soup scripts using salt master. - echo "There was a problem updating soup scripts.. Trying to rerun script update" - salt-call state.apply common.soup_scripts queue=True -linfo - fi + rm -f $DEFAULT_SALT_DIR/salt/common/tools/sbin/soup + rm -f $DEFAULT_SALT_DIR/salt/common/tools/sbin/so-firewall + + cp $UPDATE_DIR/salt/common/tools/sbin/* $DEFAULT_SALT_DIR/salt/common/tools/sbin/. + cp $UPDATE_DIR/salt/common/tools/sbin/* /usr/sbin/. + cp $UPDATE_DIR/salt/manager/tools/sbin/* $DEFAULT_SALT_DIR/salt/manager/tools/sbin/. + cp $UPDATE_DIR/salt/manager/tools/sbin/* /usr/sbin/. + echo "" echo "The soup script has been modified. Please run soup again to continue the upgrade." exit 0