Update elastalert_indices_check() function to only delete Elastalert indices if major Elasticsearch version is less than 8

Update elastalert_indices_check() function to only delete Elastalert indices if major Elasticsearch version is less than 8. Also clean up the output to only emit one notification regarding index deletion, and additional verbiage around function operation.

salt/common/tools/sbin/soup

@@ -387,12 +387,7 @@ clone_to_tmp() {
 }
 
 elastalert_indices_check() {
-
+  echo "Checking Elastalert indices for compatibility..."
-  # Stop Elastalert to prevent Elastalert indices from being re-created
-  if grep -q "^so-elastalert$" /opt/so/conf/so-status/so-status.conf ; then
-    so-elastalert-stop || true
-  fi
-  
   # Wait for ElasticSearch to initialize
   echo -n "Waiting for ElasticSearch..."
   COUNT=0
@@ -409,8 +404,8 @@ elastalert_indices_check() {
         echo -n "."
       fi
   done
-  
+
-  # Unable to connect to Elasticsearch 
+  # Unable to connect to Elasticsearch
   if [ "$ELASTICSEARCH_CONNECTED" == "no" ]; then
     echo
     echo -e "Connection attempt timed out.  Unable to connect to ElasticSearch.  \nPlease try: \n  -checking log(s) in /var/log/elasticsearch/\n  -running 'sudo docker ps' \n  -running 'sudo so-elastic-restart'"
@@ -418,39 +413,51 @@ elastalert_indices_check() {
     exit 1
   fi
 
-  # Check Elastalert indices
+  MAJOR_ES_VERSION=$(so-elasticsearch-query / | jq -r .version.number | cut -d '.' -f1)
-  echo "Deleting Elastalert indices to prevent issues with upgrade to Elastic 8..."
+  if [[ "$MAJOR_ES_VERSION" -lt "8" ]]; then
-  CHECK_COUNT=0
+
-  while [[ "$CHECK_COUNT" -le 2 ]]; do
+    # Stop Elastalert to prevent Elastalert indices from being re-created
-    # Delete Elastalert indices
+    if grep -q "^so-elastalert$" /opt/so/conf/so-status/so-status.conf ; then
-    for i in $(so-elasticsearch-query _cat/indices | grep elastalert | awk '{print $3}'); do
+      so-elastalert-stop || true
-      so-elasticsearch-query $i -XDELETE;
+    fi
+
+    # Check Elastalert indices
+    echo "Deleting Elastalert indices to prevent issues with upgrade to Elastic 8..."
+    CHECK_COUNT=0
+    while [[ "$CHECK_COUNT" -le 2 ]]; do
+      # Delete Elastalert indices
+      for i in $(so-elasticsearch-query _cat/indices | grep elastalert | awk '{print $3}'); do
+        so-elasticsearch-query $i -XDELETE;
+         done
+
+      # Check to ensure Elastalert indices are deleted
+      COUNT=0
+      ELASTALERT_INDICES_DELETED="no"
+      while [[ "$COUNT" -le 240 ]]; do
+        RESPONSE=$(so-elasticsearch-query "elastalert*")
+        if [[ "$RESPONSE" == "{}" ]]; then
+          ELASTALERT_INDICES_DELETED="yes"
+          break
+        else
+          ((COUNT+=1))
+          sleep 1
+          echo -n "."
+        fi
+      done
+      ((CHECK_COUNT+=1))
     done
 
-    # Check to ensure Elastalert indices are deleted
+    # If we were unable to delete the Elastalert indices, exit the script
-    COUNT=0
+    if [ "$ELASTALERT_INDICES_DELETED" == "yes" ]; then
-    ELASTALERT_INDICES_DELETED="no"
+      echo "Elastalert indices successfully deleted."
-    while [[ "$COUNT" -le 240 ]]; do
+    else
-      RESPONSE=$(so-elasticsearch-query elastalert*)
+      echo
-      if [[ "$RESPONSE" == "{}" ]]; then
+      echo -e "Unable to connect to delete Elastalert indices. Exiting."
-        ELASTALERT_INDICES_DELETED="yes"
+      echo
-        echo "Elastalert indices successfully deleted."
+      exit 1
-        break
+    fi
-      else
+  else
-        ((COUNT+=1))
+    echo "Major Elasticsearch version is greater than 7...skipping Elastalert index maintenance."
-        sleep 1
-        echo -n "."
-      fi
-    done
-    ((CHECK_COUNT+=1))
-  done
-
-  # If we were unable to delete the Elastalert indices, exit the script
-  if [ "$ELASTALERT_INDICES_DELETED" == "no" ]; then
-    echo
-    echo -e "Unable to connect to delete Elastalert indices. Exiting."
-    echo
-    exit 1
   fi
 }