From 409612ff1f178d33582ff18d136dba5a5ea7a10d Mon Sep 17 00:00:00 2001 From: Wes Date: Wed, 11 Sep 2024 14:56:57 +0000 Subject: [PATCH 01/14] Add script to upgrade integrations --- .../sbin/so-elastic-fleet-integration-upgrade | 52 +++++++++++++++++++ 1 file changed, 52 insertions(+) create mode 100644 salt/elasticfleet/tools/sbin/so-elastic-fleet-integration-upgrade diff --git a/salt/elasticfleet/tools/sbin/so-elastic-fleet-integration-upgrade b/salt/elasticfleet/tools/sbin/so-elastic-fleet-integration-upgrade new file mode 100644 index 000000000..1c94c5017 --- /dev/null +++ b/salt/elasticfleet/tools/sbin/so-elastic-fleet-integration-upgrade @@ -0,0 +1,52 @@ +#!/bin/bash +# Copyright Security Onion Solutions LLC and/or licensed to Security Onion Solutions LLC under one +# or more contributor license agreements. Licensed under the Elastic License 2.0 as shown at +# https://securityonion.net/license; you may not use this file except in compliance with the +# Elastic License 2.0. + +. /usr/sbin/so-elastic-fleet-common-2 + +RETURN_CODE=0 + +if [ ! -f /opt/so/state/eaintegrationupgrade.txt ]; then + # Let's snag a cookie from Kibana + SESSIONCOOKIE=$(curl -s -K /opt/so/conf/elasticsearch/curl.config -c - -X GET http://localhost:5601/ | grep sid | awk '{print $7}') + + # List agent policies + for AGENT_POLICY in $(elastic_fleet_agent_policy_names); do + IFS=$'\n' + for INTEGRATION in $(elastic_fleet_integration_policy_names "$AGENT_POLICY"); do + if ! [[ "$INTEGRATION" == "elastic-defend-endpoints" ]] && ! [[ "$INTEGRATION" == "fleet_server-"* ]]; then + echo "$INTEGRATION" + # Get package name so we know what package to look for when checking the current and latest available version + PACKAGE_NAME=$(elastic_fleet_integration_policy_package_name "$AGENT_POLICY" "$INTEGRATION") + # Get currently installed version of package + PACKAGE_VERSION=$(elastic_fleet_integration_policy_package_version "$AGENT_POLICY" "$INTEGRATION") + # Get latest available version of package + AVAILABLE_VERSION=$(elastic_fleet_package_latest_version_check "$PACKAGE_NAME") + INTEGRATION_ID=$(elastic_fleet_integration_id "$AGENT_POLICY" "$INTEGRATION" ) + if [[ "$PACKAGE_VERSION" != "$AVAILABLE_VERSION" ]]; then + # Dry run of upgrade + echo "Current $PACKAGE_NAME package version ($PACKAGE_VERSION) is not the same as the latest available package ($AVAILABLE_VERSION)..." + echo "Upgrading $INTEGRATION..." + echo "Starting dry run..." + DRYRUN_ERRORS=$(elastic_fleet_integration_policy_dryrun_upgrade "$INTEGRATION_ID" | jq .[].hasErrors) + # If no errors with dry run, proceed with actual upgrade + if [[ "$DRYRUN_ERRORS" == "false" ]]; then + echo "No errors detected. Proceeding with upgrade..." + elastic_fleet_integration_policy_upgrade "$INTEGRATION_ID" + else + echo "Errors detected. Stopping upgrade..." + exit 1 + fi + fi + fi + done + done + if [[ "$RETURN_CODE" != "1" ]]; then + touch /opt/so/state/eaintegrationupgrade.txt + fi + echo +else + exit $RETURN_CODE +fi From 5112f5c9ce97498fa7b057037f0faaf2ef1a932a Mon Sep 17 00:00:00 2001 From: Wes Date: Wed, 11 Sep 2024 14:58:01 +0000 Subject: [PATCH 02/14] Run upgrade during state apply --- salt/elasticfleet/enabled.sls | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/salt/elasticfleet/enabled.sls b/salt/elasticfleet/enabled.sls index af5e552eb..26738b688 100644 --- a/salt/elasticfleet/enabled.sls +++ b/salt/elasticfleet/enabled.sls @@ -142,6 +142,10 @@ so-elastic-agent-grid-upgrade: cmd.run: - name: /usr/sbin/so-elastic-agent-grid-upgrade - retry: True + +so-elastic-fleet-integration-upgrade: + cmd.run: + - name: /usr/sbin/so-elastic-fleet-integration-upgrade {% endif %} delete_so-elastic-fleet_so-status.disabled: From 061f42626c16c23761595cbdaf406a856d05ce54 Mon Sep 17 00:00:00 2001 From: Wes Date: Wed, 11 Sep 2024 15:00:55 +0000 Subject: [PATCH 03/14] Add functions to common --- .../tools/sbin/so-elastic-fleet-common | 32 +++++++++++++++++++ 1 file changed, 32 insertions(+) diff --git a/salt/elasticfleet/tools/sbin/so-elastic-fleet-common b/salt/elasticfleet/tools/sbin/so-elastic-fleet-common index 48ff3518a..d5b27c315 100644 --- a/salt/elasticfleet/tools/sbin/so-elastic-fleet-common +++ b/salt/elasticfleet/tools/sbin/so-elastic-fleet-common @@ -102,6 +102,38 @@ elastic_fleet_package_is_installed() { curl -s -K /opt/so/conf/elasticsearch/curl.config -b "sid=$SESSIONCOOKIE" -L -X GET -H 'kbn-xsrf: true' "localhost:5601/api/fleet/epm/packages/$PACKAGE" | jq -r '.item.status' } +elastic_fleet_agent_policy_names() { + curl -s -K /opt/so/conf/elasticsearch/curl.config -b "sid=$SESSIONCOOKIE" -L -X GET "localhost:5601/api/fleet/agent_policies" | jq -r .items[].name +} + +elastic_fleet_integration_policy_names() { + AGENT_POLICY=$1 + curl -s -K /opt/so/conf/elasticsearch/curl.config -b "sid=$SESSIONCOOKIE" -L -X GET "localhost:5601/api/fleet/agent_policies/$AGENT_POLICY" | jq -r .item.package_policies[].name +} + +elastic_fleet_integration_policy_package_name() { + AGENT_POLICY=$1 + INTEGRATION=$2 + curl -s -K /opt/so/conf/elasticsearch/curl.config -b "sid=$SESSIONCOOKIE" -L -X GET "localhost:5601/api/fleet/agent_policies/$AGENT_POLICY" | jq -r --arg INTEGRATION "$INTEGRATION" '.item.package_policies[] | select(.name==$INTEGRATION)| .package.name' +} + +elastic_fleet_integration_policy_package_version() { + AGENT_POLICY=$1 + INTEGRATION=$2 + curl -s -K /opt/so/conf/elasticsearch/curl.config -b "sid=$SESSIONCOOKIE" -L -X GET "localhost:5601/api/fleet/agent_policies/$AGENT_POLICY" | jq -r --arg INTEGRATION "$INTEGRATION" '.item.package_policies[] | select(.name==$INTEGRATION)| .package.version' +} + +elastic_fleet_integration_id() { + AGENT_POLICY=$1 + INTEGRATION=$2 + curl -s -K /opt/so/conf/elasticsearch/curl.config -b "sid=$SESSIONCOOKIE" -L -X GET "localhost:5601/api/fleet/agent_policies/$AGENT_POLICY" | jq -r --arg INTEGRATION "$INTEGRATION" '.item.package_policies[] | select(.name==$INTEGRATION)| .id' +} + +elastic_fleet_integration_policy_dryrun_upgrade() { + INTEGRATION_ID=$1 + curl -s -K /opt/so/conf/elasticsearch/curl.config -b "sid=$SESSIONCOOKIE" -H "Content-Type: application/json" -H 'kbn-xsrf: true' -L -X POST "localhost:5601/api/fleet/package_policies/upgrade/dryrun" -d "{\"packagePolicyIds\":[\"$INTEGRATION_ID\"]}" +} + elastic_fleet_policy_create() { NAME=$1 From e4fa47f27e302434fdc6b67bff56847b1cd1898d Mon Sep 17 00:00:00 2001 From: Wes Date: Wed, 11 Sep 2024 15:01:30 +0000 Subject: [PATCH 04/14] Fix common source --- .../tools/sbin/so-elastic-fleet-integration-upgrade | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/salt/elasticfleet/tools/sbin/so-elastic-fleet-integration-upgrade b/salt/elasticfleet/tools/sbin/so-elastic-fleet-integration-upgrade index 1c94c5017..496bfaa70 100644 --- a/salt/elasticfleet/tools/sbin/so-elastic-fleet-integration-upgrade +++ b/salt/elasticfleet/tools/sbin/so-elastic-fleet-integration-upgrade @@ -4,7 +4,7 @@ # https://securityonion.net/license; you may not use this file except in compliance with the # Elastic License 2.0. -. /usr/sbin/so-elastic-fleet-common-2 +. /usr/sbin/so-elastic-fleet-common RETURN_CODE=0 From 7f65d122a8b41c942862f1d4e8d9023ac7d00c66 Mon Sep 17 00:00:00 2001 From: weslambert Date: Wed, 11 Sep 2024 15:54:34 -0400 Subject: [PATCH 05/14] Remove echo --- .../elasticfleet/tools/sbin/so-elastic-fleet-integration-upgrade | 1 - 1 file changed, 1 deletion(-) diff --git a/salt/elasticfleet/tools/sbin/so-elastic-fleet-integration-upgrade b/salt/elasticfleet/tools/sbin/so-elastic-fleet-integration-upgrade index 496bfaa70..d7f4257a9 100644 --- a/salt/elasticfleet/tools/sbin/so-elastic-fleet-integration-upgrade +++ b/salt/elasticfleet/tools/sbin/so-elastic-fleet-integration-upgrade @@ -17,7 +17,6 @@ if [ ! -f /opt/so/state/eaintegrationupgrade.txt ]; then IFS=$'\n' for INTEGRATION in $(elastic_fleet_integration_policy_names "$AGENT_POLICY"); do if ! [[ "$INTEGRATION" == "elastic-defend-endpoints" ]] && ! [[ "$INTEGRATION" == "fleet_server-"* ]]; then - echo "$INTEGRATION" # Get package name so we know what package to look for when checking the current and latest available version PACKAGE_NAME=$(elastic_fleet_integration_policy_package_name "$AGENT_POLICY" "$INTEGRATION") # Get currently installed version of package From 2ec3f52ea66d2418cc7874029e17cf2c1075e02b Mon Sep 17 00:00:00 2001 From: weslambert Date: Thu, 12 Sep 2024 17:57:41 -0400 Subject: [PATCH 06/14] Don't use state; set IFS --- .../sbin/so-elastic-fleet-integration-upgrade | 29 +++++++------------ 1 file changed, 10 insertions(+), 19 deletions(-) diff --git a/salt/elasticfleet/tools/sbin/so-elastic-fleet-integration-upgrade b/salt/elasticfleet/tools/sbin/so-elastic-fleet-integration-upgrade index d7f4257a9..4486e1244 100644 --- a/salt/elasticfleet/tools/sbin/so-elastic-fleet-integration-upgrade +++ b/salt/elasticfleet/tools/sbin/so-elastic-fleet-integration-upgrade @@ -6,17 +6,14 @@ . /usr/sbin/so-elastic-fleet-common -RETURN_CODE=0 +# Let's snag a cookie from Kibana +SESSIONCOOKIE=$(curl -s -K /opt/so/conf/elasticsearch/curl.config -c - -X GET http://localhost:5601/ | grep sid | awk '{print $7}') -if [ ! -f /opt/so/state/eaintegrationupgrade.txt ]; then - # Let's snag a cookie from Kibana - SESSIONCOOKIE=$(curl -s -K /opt/so/conf/elasticsearch/curl.config -c - -X GET http://localhost:5601/ | grep sid | awk '{print $7}') - - # List agent policies - for AGENT_POLICY in $(elastic_fleet_agent_policy_names); do - IFS=$'\n' - for INTEGRATION in $(elastic_fleet_integration_policy_names "$AGENT_POLICY"); do - if ! [[ "$INTEGRATION" == "elastic-defend-endpoints" ]] && ! [[ "$INTEGRATION" == "fleet_server-"* ]]; then +# List agent policies +for AGENT_POLICY in $(elastic_fleet_agent_policy_names); do + IFS=$'\n' + for INTEGRATION in $(elastic_fleet_integration_policy_names "$AGENT_POLICY"); do + if ! [[ "$INTEGRATION" == "elastic-defend-endpoints" ]] && ! [[ "$INTEGRATION" == "fleet_server-"* ]]; then # Get package name so we know what package to look for when checking the current and latest available version PACKAGE_NAME=$(elastic_fleet_integration_policy_package_name "$AGENT_POLICY" "$INTEGRATION") # Get currently installed version of package @@ -39,13 +36,7 @@ if [ ! -f /opt/so/state/eaintegrationupgrade.txt ]; then exit 1 fi fi - fi - done + fi done - if [[ "$RETURN_CODE" != "1" ]]; then - touch /opt/so/state/eaintegrationupgrade.txt - fi - echo -else - exit $RETURN_CODE -fi +done +echo From 2e85dcc36afd285cd9099052149ed1dba2bf321e Mon Sep 17 00:00:00 2001 From: weslambert Date: Thu, 12 Sep 2024 17:59:39 -0400 Subject: [PATCH 07/14] Set IFS --- .../elasticfleet/tools/sbin/so-elastic-fleet-integration-upgrade | 1 + 1 file changed, 1 insertion(+) diff --git a/salt/elasticfleet/tools/sbin/so-elastic-fleet-integration-upgrade b/salt/elasticfleet/tools/sbin/so-elastic-fleet-integration-upgrade index 4486e1244..d4463e7f3 100644 --- a/salt/elasticfleet/tools/sbin/so-elastic-fleet-integration-upgrade +++ b/salt/elasticfleet/tools/sbin/so-elastic-fleet-integration-upgrade @@ -10,6 +10,7 @@ SESSIONCOOKIE=$(curl -s -K /opt/so/conf/elasticsearch/curl.config -c - -X GET http://localhost:5601/ | grep sid | awk '{print $7}') # List agent policies +IFS=$'\n' for AGENT_POLICY in $(elastic_fleet_agent_policy_names); do IFS=$'\n' for INTEGRATION in $(elastic_fleet_integration_policy_names "$AGENT_POLICY"); do From 662f906f9d3710ff61532da61df0679e367b25f0 Mon Sep 17 00:00:00 2001 From: weslambert Date: Fri, 13 Sep 2024 09:16:53 -0400 Subject: [PATCH 08/14] Remove IFS --- .../elasticfleet/tools/sbin/so-elastic-fleet-integration-upgrade | 1 - 1 file changed, 1 deletion(-) diff --git a/salt/elasticfleet/tools/sbin/so-elastic-fleet-integration-upgrade b/salt/elasticfleet/tools/sbin/so-elastic-fleet-integration-upgrade index d4463e7f3..eb812ebf6 100644 --- a/salt/elasticfleet/tools/sbin/so-elastic-fleet-integration-upgrade +++ b/salt/elasticfleet/tools/sbin/so-elastic-fleet-integration-upgrade @@ -12,7 +12,6 @@ SESSIONCOOKIE=$(curl -s -K /opt/so/conf/elasticsearch/curl.config -c - -X GET ht # List agent policies IFS=$'\n' for AGENT_POLICY in $(elastic_fleet_agent_policy_names); do - IFS=$'\n' for INTEGRATION in $(elastic_fleet_integration_policy_names "$AGENT_POLICY"); do if ! [[ "$INTEGRATION" == "elastic-defend-endpoints" ]] && ! [[ "$INTEGRATION" == "fleet_server-"* ]]; then # Get package name so we know what package to look for when checking the current and latest available version From 06c0d5b0f53b6a7281fda18789657517b83916fa Mon Sep 17 00:00:00 2001 From: Josh Patterson Date: Fri, 13 Sep 2024 10:13:11 -0400 Subject: [PATCH 09/14] Update so-elastic-fleet-integration-upgrade --- .../sbin/so-elastic-fleet-integration-upgrade | 108 +++++++++++++----- 1 file changed, 79 insertions(+), 29 deletions(-) diff --git a/salt/elasticfleet/tools/sbin/so-elastic-fleet-integration-upgrade b/salt/elasticfleet/tools/sbin/so-elastic-fleet-integration-upgrade index eb812ebf6..99d0b82a9 100644 --- a/salt/elasticfleet/tools/sbin/so-elastic-fleet-integration-upgrade +++ b/salt/elasticfleet/tools/sbin/so-elastic-fleet-integration-upgrade @@ -6,37 +6,87 @@ . /usr/sbin/so-elastic-fleet-common -# Let's snag a cookie from Kibana -SESSIONCOOKIE=$(curl -s -K /opt/so/conf/elasticsearch/curl.config -c - -X GET http://localhost:5601/ | grep sid | awk '{print $7}') +curl_output=$(curl -s -K /opt/so/conf/elasticsearch/curl.config -c - -X GET http://localhost:5601/) +if [ $? -ne 0 ]; then + echo "Error: Failed to connect to localhost:5601 to obtain session cookie." + exit 1 +fi + +SESSIONCOOKIE=$(echo "$curl_output" | grep sid | awk '{print $7}') +if [ -z "$SESSIONCOOKIE" ]; then + echo "Warning: Session cookie is empty." +fi -# List agent policies IFS=$'\n' -for AGENT_POLICY in $(elastic_fleet_agent_policy_names); do - for INTEGRATION in $(elastic_fleet_integration_policy_names "$AGENT_POLICY"); do - if ! [[ "$INTEGRATION" == "elastic-defend-endpoints" ]] && ! [[ "$INTEGRATION" == "fleet_server-"* ]]; then - # Get package name so we know what package to look for when checking the current and latest available version - PACKAGE_NAME=$(elastic_fleet_integration_policy_package_name "$AGENT_POLICY" "$INTEGRATION") - # Get currently installed version of package - PACKAGE_VERSION=$(elastic_fleet_integration_policy_package_version "$AGENT_POLICY" "$INTEGRATION") - # Get latest available version of package - AVAILABLE_VERSION=$(elastic_fleet_package_latest_version_check "$PACKAGE_NAME") - INTEGRATION_ID=$(elastic_fleet_integration_id "$AGENT_POLICY" "$INTEGRATION" ) - if [[ "$PACKAGE_VERSION" != "$AVAILABLE_VERSION" ]]; then - # Dry run of upgrade - echo "Current $PACKAGE_NAME package version ($PACKAGE_VERSION) is not the same as the latest available package ($AVAILABLE_VERSION)..." - echo "Upgrading $INTEGRATION..." - echo "Starting dry run..." - DRYRUN_ERRORS=$(elastic_fleet_integration_policy_dryrun_upgrade "$INTEGRATION_ID" | jq .[].hasErrors) - # If no errors with dry run, proceed with actual upgrade - if [[ "$DRYRUN_ERRORS" == "false" ]]; then - echo "No errors detected. Proceeding with upgrade..." - elastic_fleet_integration_policy_upgrade "$INTEGRATION_ID" - else - echo "Errors detected. Stopping upgrade..." - exit 1 - fi - fi +agent_policies=$(elastic_fleet_agent_policy_names) +if [ $? -ne 0 ]; then + echo "Error: Failed to retrieve agent policies." + exit 1 +fi + +for AGENT_POLICY in $agent_policies; do + integrations=$(elastic_fleet_integration_policy_names "$AGENT_POLICY") + if [ $? -ne 0 ]; then + echo "Error: Failed to retrieve integration policies for agent policy '$AGENT_POLICY'." + exit 1 fi - done + + for INTEGRATION in $integrations; do + if ! [[ "$INTEGRATION" == "elastic-defend-endpoints" ]] && ! [[ "$INTEGRATION" == "fleet_server-"* ]]; then + # Get package name so we know what package to look for when checking the current and latest available version + PACKAGE_NAME=$(elastic_fleet_integration_policy_package_name "$AGENT_POLICY" "$INTEGRATION") + if [ $? -ne 0 ]; then + echo "Error: Failed to retrieve package name for integration '$INTEGRATION' in agent policy '$AGENT_POLICY'." + exit 1 + fi + + # Get currently installed version of package + PACKAGE_VERSION=$(elastic_fleet_integration_policy_package_version "$AGENT_POLICY" "$INTEGRATION") + if [ $? -ne 0 ]; then + echo "Error: Failed to retrieve package version for integration '$INTEGRATION' in agent policy '$AGENT_POLICY'." + exit 1 + fi + + # Get latest available version of package + AVAILABLE_VERSION=$(elastic_fleet_package_latest_version_check "$PACKAGE_NAME") + if [ $? -ne 0 ]; then + echo "Error: Failed to retrieve latest available version for package '$PACKAGE_NAME'." + exit 1 + fi + + INTEGRATION_ID=$(elastic_fleet_integration_id "$AGENT_POLICY" "$INTEGRATION") + if [ $? -ne 0 ]; then + echo "Error: Failed to retrieve integration ID for '$INTEGRATION' in agent policy '$AGENT_POLICY'." + exit 1 + fi + + if [[ "$PACKAGE_VERSION" != "$AVAILABLE_VERSION" ]]; then + # Dry run of the upgrade + echo "Current $PACKAGE_NAME package version ($PACKAGE_VERSION) is not the same as the latest available package ($AVAILABLE_VERSION)..." + echo "Upgrading $INTEGRATION..." + echo "Starting dry run..." + + DRYRUN_OUTPUT=$(elastic_fleet_integration_policy_dryrun_upgrade "$INTEGRATION_ID") + if [ $? -ne 0 ]; then + echo "Error: Dry run upgrade failed for integration ID '$INTEGRATION_ID'." + exit 1 + fi + + DRYRUN_ERRORS=$(echo "$DRYRUN_OUTPUT" | jq .[].hasErrors) + # If no errors with dry run, proceed with actual upgrade + if [[ "$DRYRUN_ERRORS" == "false" ]]; then + echo "No errors detected. Proceeding with upgrade..." + elastic_fleet_integration_policy_upgrade "$INTEGRATION_ID" + if [ $? -ne 0 ]; then + echo "Error: Upgrade failed for integration ID '$INTEGRATION_ID'." + exit 1 + fi + else + echo "Errors detected during dry run. Stopping upgrade..." + exit 1 + fi + fi + fi + done done echo From da47d247c98e7fcc37f886a4709e3dfeeede6a36 Mon Sep 17 00:00:00 2001 From: weslambert Date: Fri, 13 Sep 2024 13:24:55 -0400 Subject: [PATCH 10/14] Remove check for cookie --- .../tools/sbin/so-elastic-fleet-integration-upgrade | 5 ----- 1 file changed, 5 deletions(-) diff --git a/salt/elasticfleet/tools/sbin/so-elastic-fleet-integration-upgrade b/salt/elasticfleet/tools/sbin/so-elastic-fleet-integration-upgrade index 99d0b82a9..a8f8df27b 100644 --- a/salt/elasticfleet/tools/sbin/so-elastic-fleet-integration-upgrade +++ b/salt/elasticfleet/tools/sbin/so-elastic-fleet-integration-upgrade @@ -12,11 +12,6 @@ if [ $? -ne 0 ]; then exit 1 fi -SESSIONCOOKIE=$(echo "$curl_output" | grep sid | awk '{print $7}') -if [ -z "$SESSIONCOOKIE" ]; then - echo "Warning: Session cookie is empty." -fi - IFS=$'\n' agent_policies=$(elastic_fleet_agent_policy_names) if [ $? -ne 0 ]; then From fa333489104b4f88e4af052b4bfeafcf96368aee Mon Sep 17 00:00:00 2001 From: weslambert Date: Fri, 13 Sep 2024 13:26:17 -0400 Subject: [PATCH 11/14] Change message --- .../tools/sbin/so-elastic-fleet-integration-upgrade | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/salt/elasticfleet/tools/sbin/so-elastic-fleet-integration-upgrade b/salt/elasticfleet/tools/sbin/so-elastic-fleet-integration-upgrade index a8f8df27b..5e2b95d5b 100644 --- a/salt/elasticfleet/tools/sbin/so-elastic-fleet-integration-upgrade +++ b/salt/elasticfleet/tools/sbin/so-elastic-fleet-integration-upgrade @@ -8,7 +8,7 @@ curl_output=$(curl -s -K /opt/so/conf/elasticsearch/curl.config -c - -X GET http://localhost:5601/) if [ $? -ne 0 ]; then - echo "Error: Failed to connect to localhost:5601 to obtain session cookie." + echo "Error: Failed to connect to Kibana." exit 1 fi From bc71af7a1fbc1995df388044fe88a83ebe5b8a6e Mon Sep 17 00:00:00 2001 From: weslambert Date: Fri, 13 Sep 2024 13:27:26 -0400 Subject: [PATCH 12/14] Check status --- .../tools/sbin/so-elastic-fleet-common | 24 +++++++++++++++++++ 1 file changed, 24 insertions(+) diff --git a/salt/elasticfleet/tools/sbin/so-elastic-fleet-common b/salt/elasticfleet/tools/sbin/so-elastic-fleet-common index d5b27c315..a07c7c8bc 100644 --- a/salt/elasticfleet/tools/sbin/so-elastic-fleet-common +++ b/salt/elasticfleet/tools/sbin/so-elastic-fleet-common @@ -104,34 +104,58 @@ elastic_fleet_package_is_installed() { elastic_fleet_agent_policy_names() { curl -s -K /opt/so/conf/elasticsearch/curl.config -b "sid=$SESSIONCOOKIE" -L -X GET "localhost:5601/api/fleet/agent_policies" | jq -r .items[].name + if [ $? -ne 0 ]; then + echo "Error: Failed to retrieve agent policies." + exit 1 + fi } elastic_fleet_integration_policy_names() { AGENT_POLICY=$1 curl -s -K /opt/so/conf/elasticsearch/curl.config -b "sid=$SESSIONCOOKIE" -L -X GET "localhost:5601/api/fleet/agent_policies/$AGENT_POLICY" | jq -r .item.package_policies[].name + if [ $? -ne 0 ]; then + echo "Error: Failed to retrieve integrations." + exit 1 + fi } elastic_fleet_integration_policy_package_name() { AGENT_POLICY=$1 INTEGRATION=$2 curl -s -K /opt/so/conf/elasticsearch/curl.config -b "sid=$SESSIONCOOKIE" -L -X GET "localhost:5601/api/fleet/agent_policies/$AGENT_POLICY" | jq -r --arg INTEGRATION "$INTEGRATION" '.item.package_policies[] | select(.name==$INTEGRATION)| .package.name' + if [ $? -ne 0 ]; then + echo "Error: Failed to retrieve package name." + exit 1 + fi } elastic_fleet_integration_policy_package_version() { AGENT_POLICY=$1 INTEGRATION=$2 curl -s -K /opt/so/conf/elasticsearch/curl.config -b "sid=$SESSIONCOOKIE" -L -X GET "localhost:5601/api/fleet/agent_policies/$AGENT_POLICY" | jq -r --arg INTEGRATION "$INTEGRATION" '.item.package_policies[] | select(.name==$INTEGRATION)| .package.version' + if [ $? -ne 0 ]; then + echo "Error: Failed to retrieve package version." + exit 1 + fi } elastic_fleet_integration_id() { AGENT_POLICY=$1 INTEGRATION=$2 curl -s -K /opt/so/conf/elasticsearch/curl.config -b "sid=$SESSIONCOOKIE" -L -X GET "localhost:5601/api/fleet/agent_policies/$AGENT_POLICY" | jq -r --arg INTEGRATION "$INTEGRATION" '.item.package_policies[] | select(.name==$INTEGRATION)| .id' + if [ $? -ne 0 ]; then + echo "Error: Failed to retrieve integration ID." + exit 1 + fi } elastic_fleet_integration_policy_dryrun_upgrade() { INTEGRATION_ID=$1 curl -s -K /opt/so/conf/elasticsearch/curl.config -b "sid=$SESSIONCOOKIE" -H "Content-Type: application/json" -H 'kbn-xsrf: true' -L -X POST "localhost:5601/api/fleet/package_policies/upgrade/dryrun" -d "{\"packagePolicyIds\":[\"$INTEGRATION_ID\"]}" + if [ $? -ne 0 ]; then + echo "Error: Failed to complete dry run." + exit 1 + fi } elastic_fleet_policy_create() { From 973b93e33218828cf1de146d8e9d06f3b305d272 Mon Sep 17 00:00:00 2001 From: weslambert Date: Fri, 13 Sep 2024 13:49:53 -0400 Subject: [PATCH 13/14] Remove check for error --- .../sbin/so-elastic-fleet-integration-upgrade | 29 ++----------------- 1 file changed, 2 insertions(+), 27 deletions(-) diff --git a/salt/elasticfleet/tools/sbin/so-elastic-fleet-integration-upgrade b/salt/elasticfleet/tools/sbin/so-elastic-fleet-integration-upgrade index 5e2b95d5b..bdf93bad3 100644 --- a/salt/elasticfleet/tools/sbin/so-elastic-fleet-integration-upgrade +++ b/salt/elasticfleet/tools/sbin/so-elastic-fleet-integration-upgrade @@ -21,53 +21,28 @@ fi for AGENT_POLICY in $agent_policies; do integrations=$(elastic_fleet_integration_policy_names "$AGENT_POLICY") - if [ $? -ne 0 ]; then - echo "Error: Failed to retrieve integration policies for agent policy '$AGENT_POLICY'." - exit 1 - fi - for INTEGRATION in $integrations; do if ! [[ "$INTEGRATION" == "elastic-defend-endpoints" ]] && ! [[ "$INTEGRATION" == "fleet_server-"* ]]; then # Get package name so we know what package to look for when checking the current and latest available version PACKAGE_NAME=$(elastic_fleet_integration_policy_package_name "$AGENT_POLICY" "$INTEGRATION") - if [ $? -ne 0 ]; then - echo "Error: Failed to retrieve package name for integration '$INTEGRATION' in agent policy '$AGENT_POLICY'." - exit 1 - fi # Get currently installed version of package PACKAGE_VERSION=$(elastic_fleet_integration_policy_package_version "$AGENT_POLICY" "$INTEGRATION") - if [ $? -ne 0 ]; then - echo "Error: Failed to retrieve package version for integration '$INTEGRATION' in agent policy '$AGENT_POLICY'." - exit 1 - fi # Get latest available version of package AVAILABLE_VERSION=$(elastic_fleet_package_latest_version_check "$PACKAGE_NAME") - if [ $? -ne 0 ]; then - echo "Error: Failed to retrieve latest available version for package '$PACKAGE_NAME'." - exit 1 - fi + # Get integration ID INTEGRATION_ID=$(elastic_fleet_integration_id "$AGENT_POLICY" "$INTEGRATION") - if [ $? -ne 0 ]; then - echo "Error: Failed to retrieve integration ID for '$INTEGRATION' in agent policy '$AGENT_POLICY'." - exit 1 - fi if [[ "$PACKAGE_VERSION" != "$AVAILABLE_VERSION" ]]; then # Dry run of the upgrade echo "Current $PACKAGE_NAME package version ($PACKAGE_VERSION) is not the same as the latest available package ($AVAILABLE_VERSION)..." echo "Upgrading $INTEGRATION..." echo "Starting dry run..." - DRYRUN_OUTPUT=$(elastic_fleet_integration_policy_dryrun_upgrade "$INTEGRATION_ID") - if [ $? -ne 0 ]; then - echo "Error: Dry run upgrade failed for integration ID '$INTEGRATION_ID'." - exit 1 - fi - DRYRUN_ERRORS=$(echo "$DRYRUN_OUTPUT" | jq .[].hasErrors) + # If no errors with dry run, proceed with actual upgrade if [[ "$DRYRUN_ERRORS" == "false" ]]; then echo "No errors detected. Proceeding with upgrade..." From 57e06dced292004912f2a2853ada3a81828fc8ef Mon Sep 17 00:00:00 2001 From: weslambert Date: Fri, 13 Sep 2024 13:52:01 -0400 Subject: [PATCH 14/14] Change message --- salt/elasticfleet/tools/sbin/so-elastic-fleet-common | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/salt/elasticfleet/tools/sbin/so-elastic-fleet-common b/salt/elasticfleet/tools/sbin/so-elastic-fleet-common index a07c7c8bc..fadf18b5f 100644 --- a/salt/elasticfleet/tools/sbin/so-elastic-fleet-common +++ b/salt/elasticfleet/tools/sbin/so-elastic-fleet-common @@ -114,7 +114,7 @@ elastic_fleet_integration_policy_names() { AGENT_POLICY=$1 curl -s -K /opt/so/conf/elasticsearch/curl.config -b "sid=$SESSIONCOOKIE" -L -X GET "localhost:5601/api/fleet/agent_policies/$AGENT_POLICY" | jq -r .item.package_policies[].name if [ $? -ne 0 ]; then - echo "Error: Failed to retrieve integrations." + echo "Error: Failed to retrieve integrations for '$AGENT_POLICY'." exit 1 fi } @@ -124,7 +124,7 @@ elastic_fleet_integration_policy_package_name() { INTEGRATION=$2 curl -s -K /opt/so/conf/elasticsearch/curl.config -b "sid=$SESSIONCOOKIE" -L -X GET "localhost:5601/api/fleet/agent_policies/$AGENT_POLICY" | jq -r --arg INTEGRATION "$INTEGRATION" '.item.package_policies[] | select(.name==$INTEGRATION)| .package.name' if [ $? -ne 0 ]; then - echo "Error: Failed to retrieve package name." + echo "Error: Failed to retrieve package name for '$INTEGRATION' in '$AGENT_POLICY'." exit 1 fi } @@ -134,7 +134,7 @@ elastic_fleet_integration_policy_package_version() { INTEGRATION=$2 curl -s -K /opt/so/conf/elasticsearch/curl.config -b "sid=$SESSIONCOOKIE" -L -X GET "localhost:5601/api/fleet/agent_policies/$AGENT_POLICY" | jq -r --arg INTEGRATION "$INTEGRATION" '.item.package_policies[] | select(.name==$INTEGRATION)| .package.version' if [ $? -ne 0 ]; then - echo "Error: Failed to retrieve package version." + echo "Error: Failed to retrieve package version for '$INTEGRATION' in '$AGENT_POLICY'." exit 1 fi } @@ -144,7 +144,7 @@ elastic_fleet_integration_id() { INTEGRATION=$2 curl -s -K /opt/so/conf/elasticsearch/curl.config -b "sid=$SESSIONCOOKIE" -L -X GET "localhost:5601/api/fleet/agent_policies/$AGENT_POLICY" | jq -r --arg INTEGRATION "$INTEGRATION" '.item.package_policies[] | select(.name==$INTEGRATION)| .id' if [ $? -ne 0 ]; then - echo "Error: Failed to retrieve integration ID." + echo "Error: Failed to retrieve integration ID for '$INTEGRATION' in '$AGENT_POLICY'." exit 1 fi } @@ -153,7 +153,7 @@ elastic_fleet_integration_policy_dryrun_upgrade() { INTEGRATION_ID=$1 curl -s -K /opt/so/conf/elasticsearch/curl.config -b "sid=$SESSIONCOOKIE" -H "Content-Type: application/json" -H 'kbn-xsrf: true' -L -X POST "localhost:5601/api/fleet/package_policies/upgrade/dryrun" -d "{\"packagePolicyIds\":[\"$INTEGRATION_ID\"]}" if [ $? -ne 0 ]; then - echo "Error: Failed to complete dry run." + echo "Error: Failed to complete dry run for '$INTEGRATION_ID'." exit 1 fi }