Merge remote-tracking branch 'origin/2.4/dev' into upgrade/docker

salt/common/tools/sbin/so-common

@@ -677,7 +677,8 @@ has_uppercase() {
 }
 
 update_elastic_agent() {
-	get_elastic_agent_vars
+	local path="${1:-/opt/so/saltstack/default}"
+	get_elastic_agent_vars "$path"
 	echo "Checking if Elastic Agent update is necessary..."
 	download_and_verify "$ELASTIC_AGENT_URL" "$ELASTIC_AGENT_MD5_URL" "$ELASTIC_AGENT_FILE" "$ELASTIC_AGENT_MD5" "$ELASTIC_AGENT_EXPANSION_DIR"
 }

salt/common/tools/sbin/so-image-common

@@ -143,9 +143,12 @@ update_docker_containers() {
       $PROGRESS_CALLBACK $i
     fi
 
-    # use version defined in elasticsearch defaults.yaml if an es container
     if [[ " ${IMAGES_USING_ES_VERSION[*]} " =~ [[:space:]]${i}[[:space:]] ]]; then
+      # this is an es container so use version defined in elasticsearch defaults.yaml
       local UPDATE_DIR='/tmp/sogh/securityonion'
+      if [ ! -d "$UPDATE_DIR" ]; then
+        UPDATE_DIR=/securityonion
+      fi
       local v1=0
       local v2=0
       if [[ -f "$UPDATE_DIR/salt/elasticsearch/defaults.yaml" ]]; then
@@ -156,8 +159,8 @@ update_docker_containers() {
       fi
       local highest_es_version=$(compare_es_versions "$v1" "$v2")
       local image=$i:$highest_es_version$IMAGE_TAG_SUFFIX
-    # use the so version for the version
     else
+      # this is not an es container so use the so version for the version
       local image=$i:$VERSION$IMAGE_TAG_SUFFIX
     fi
     # Pull down the trusted docker image

salt/elasticfleet/tools/sbin_jinja/so-elastic-agent-grid-upgrade

@@ -5,7 +5,7 @@
 # this file except in compliance with the Elastic License 2.0.
 
 . /usr/sbin/so-common
-{%- import_yaml 'elasticsearch/defaults.yaml' as ELASTICSEARCHDEFAULTS -%}
+{%- import_yaml 'elasticsearch/defaults.yaml' as ELASTICSEARCHDEFAULTS %}
 
 # Only run on Managers
 if ! is_manager_node; then

salt/manager/tools/sbin/soup

@@ -837,12 +837,13 @@ determine_elastic_agent_upgrade() {
   if [[ $is_airgap -eq 0 ]]; then
     update_elastic_agent_airgap
   else
-    update_elastic_agent
+    # the new elasticsearch defaults.yaml file is not yet placed in /opt/so/saltstack/default/salt/elasticsearch yet
+    update_elastic_agent "$UPDATE_DIR"
   fi
 }
 
 update_elastic_agent_airgap() {
-  get_elastic_agent_vars
+  get_elastic_agent_vars "/tmp/soagupdate/SecurityOnion"
   rsync -av /tmp/soagupdate/fleet/* /nsm/elastic-fleet/artifacts/
   tar -xf "$ELASTIC_AGENT_FILE" -C "$ELASTIC_AGENT_EXPANSION_DIR"
 }

salt/suricata/tools/sbin/so-suricata-reload-rules

@@ -7,5 +7,5 @@
 
 . /usr/sbin/so-common
 
-retry 40 3 'docker exec -it so-suricata /opt/suricata/bin/suricatasc -c reload-rules /var/run/suricata/suricata-command.socket' '{"message": "done", "return": "OK"}'
-retry 40 3 'docker exec -it so-suricata /opt/suricata/bin/suricatasc -c ruleset-reload-nonblocking /var/run/suricata/suricata-command.socket' '{"message": "done", "return": "OK"}'
+retry 60 3 'docker exec -it so-suricata /opt/suricata/bin/suricatasc -c reload-rules /var/run/suricata/suricata-command.socket' '{"message": "done", "return": "OK"}' || fail "The Suricata container was not ready in time."
+retry 60 3 'docker exec -it so-suricata /opt/suricata/bin/suricatasc -c ruleset-reload-nonblocking /var/run/suricata/suricata-command.socket' '{"message": "done", "return": "OK"}' || fail "The Suricata container was not ready in time."

setup/so-setup

@@ -759,8 +759,8 @@ if ! [[ -f $install_opt_file ]]; then
 			title "Downloading IDS Rules"
 			logCmd "so-rule-update"
 			if [[ $monints || $is_import ]]; then
-				title "Restarting Suricata to pick up the new rules"
-				logCmd "so-suricata-restart"
+				title "Applying the Suricata state to load the new rules"
+				logCmd "salt-call state.apply suricata -l info"
 			fi
 		fi
 		title "Setting up Kibana Default Space"