run optional integrations script so packages get installed. Hold updates unless auto_update_integrations is set

2025-12-06 09:12:45 +01:00 · 2025-04-21 14:29:37 -05:00
parent 4e6c707067
commit 4b7478654f
2 changed files with 7 additions and 4 deletions
--- a/salt/elasticfleet/enabled.sls
+++ b/salt/elasticfleet/enabled.sls
@@ -151,13 +151,9 @@ so-elastic-fleet-integration-upgrade:
  cmd.run:
    - name: /usr/sbin/so-elastic-fleet-integration-upgrade

-{# CHECK THAT THIS STILL INSTALLS ALL INTEGRATIONS IN THE 2.4.130 SOUP #}
-{#  Subsequent runs should not modify the initially installed integration version.. until switch is flipped #}
-{%   if ELASTICFLEETMERGED.config.auto_upgrade_integrations %}
 so-elastic-fleet-addon-integrations:
  cmd.run:
    - name: /usr/sbin/so-elastic-fleet-optional-integrations-load
-{%   endif %}

 {%   if ELASTICFLEETMERGED.config.defend_filters.enable_auto_configuration %}
 so-elastic-defend-manage-filters-file-watch:
--- a/salt/elasticfleet/tools/sbin_jinja/so-elastic-fleet-optional-integrations-load
+++ b/salt/elasticfleet/tools/sbin_jinja/so-elastic-fleet-optional-integrations-load
@@ -4,6 +4,7 @@
 # or more contributor license agreements. Licensed under the Elastic License 2.0; you may not use
 # this file except in compliance with the Elastic License 2.0.
 {% set SUB = salt['pillar.get']('elasticfleet:config:subscription_integrations', default=false) %}
+{% set AUTO_UPGRADE_INTEGRATIONS = salt['pillar.get']('elasticfleet:config:auto_upgrade_integrations', default=false) %}

 . /usr/sbin/so-common
 . /usr/sbin/so-elastic-fleet-common
@@ -74,6 +75,8 @@ if [[ -f $STATE_FILE_SUCCESS  ]]; then
                        jq --argjson package "$bulk_package" '.packages += [$package]' $BULK_INSTALL_PACKAGE_LIST > $BULK_INSTALL_PACKAGE_TMP && mv $BULK_INSTALL_PACKAGE_TMP $BULK_INSTALL_PACKAGE_LIST

                        PENDING_UPDATE=true
+                    {# only include upgrading optional integrations when auto_upgrade_integrations is true. DEFAULT integrations are upgraded using so-elastic-fleet-package-upgrade #}
+                    {%- if AUTO_UPGRADE_INTEGRATIONS %}
                    else
                        results=$(compare_versions "$latest_version" "$installed_version")
                        if [ $results == "greater" ]; then
@@ -82,6 +85,7 @@ if [[ -f $STATE_FILE_SUCCESS  ]]; then

                            PENDING_UPDATE=true
                        fi
+                    {%- endif %}
                    fi
                fi
            {% else %}
@@ -89,6 +93,8 @@ if [[ -f $STATE_FILE_SUCCESS  ]]; then
                    echo "$package_name is not installed... Adding to next update."
                    jq --argjson package "$bulk_package" '.packages += [$package]' $BULK_INSTALL_PACKAGE_LIST > $BULK_INSTALL_PACKAGE_TMP && mv $BULK_INSTALL_PACKAGE_TMP $BULK_INSTALL_PACKAGE_LIST
                    PENDING_UPDATE=true
+                {# only include upgrading optional integrations when auto_upgrade_integrations is true. DEFAULT integrations are upgraded using so-elastic-fleet-package-upgrade #}
+                {%- if AUTO_UPGRADE_INTEGRATIONS %}
                else
                    results=$(compare_versions "$latest_version" "$installed_version")
                    if [ $results == "greater" ]; then
@@ -96,6 +102,7 @@ if [[ -f $STATE_FILE_SUCCESS  ]]; then
                        jq --argjson package "$bulk_package" '.packages += [$package]' $BULK_INSTALL_PACKAGE_LIST > $BULK_INSTALL_PACKAGE_TMP && mv $BULK_INSTALL_PACKAGE_TMP $BULK_INSTALL_PACKAGE_LIST
                        PENDING_UPDATE=true
                    fi
+                {%- endif %}
                fi
            {% endif %}
            else