[refactor] More case statements. local vars, and double quoted strings

William Wernert
2020-04-18 18:36:12 -04:00
parent a7539c111e
commit 74375fe839


@@ -248,8 +248,12 @@ check_network_manager_conf() {
# $2 => confirm password # $2 => confirm password
# $3 => variable to set # $3 => variable to set
check_pass_match() { check_pass_match() {
if [ "$1" = "$2" ]; then local pass=$1
eval "$3"="\"yes\"" local confirm_pass=$2
local var=$3
if [ "$pass" = "$confirm_pass" ]; then
eval "$var"="\"yes\""
else else
whiptail_passwords_dont_match whiptail_passwords_dont_match
fi fi
@@ -288,7 +292,7 @@ clear_master() {
collect_webuser_inputs() { collect_webuser_inputs() {
# Get a password for the web admin user # Get a password for the web admin user
VALIDUSER=no local VALIDUSER=no
while [ $VALIDUSER != yes ]; do while [ $VALIDUSER != yes ]; do
whiptail_create_web_user whiptail_create_web_user
if so-user valemail "$WEBUSER"; then if so-user valemail "$WEBUSER"; then
@@ -466,10 +470,10 @@ detect_os() {
elif grep -q "CentOS Linux release 8" /etc/redhat-release; then elif grep -q "CentOS Linux release 8" /etc/redhat-release; then
OSVER=8 OSVER=8
echo "We currently do not support CentOS $OSVER but we are working on it!" echo "We currently do not support CentOS $OSVER but we are working on it!"
exit exit 1
else else
echo "We do not support the version of CentOS you are trying to use." echo "We do not support the version of CentOS you are trying to use."
exit exit 1
fi fi
# Install bind-utils so the host command exists # Install bind-utils so the host command exists
@@ -484,7 +488,7 @@ detect_os() {
OSVER=xenial OSVER=xenial
else else
echo "We do not support your current version of Ubuntu." echo "We do not support your current version of Ubuntu."
exit exit 1
fi fi
# Install network manager so we can do interface stuff # Install network manager so we can do interface stuff
{ {
@@ -495,7 +499,7 @@ detect_os() {
else else
echo "We were unable to determine if you are using a supported OS." echo "We were unable to determine if you are using a supported OS."
exit exit 1
fi fi
echo "Found OS: $OS $OSVER" >> "$SETUPLOG" 2>&1 echo "Found OS: $OS $OSVER" >> "$SETUPLOG" 2>&1
@@ -663,27 +667,27 @@ filter_unused_nics() {
fireeye_pillar() { fireeye_pillar() {
local FIREEYEPILLARPATH=/opt/so/saltstack/pillar/fireeye local fireeye_pillar_path=/opt/so/saltstack/pillar/fireeye
mkdir -p "$FIREEYEPILLARPATH" mkdir -p "$fireeye_pillar_path"
printf '%s\n'\ printf '%s\n'\
"fireeye:"\ "fireeye:"\
" helix:"\ " helix:"\
" api_key: $HELIXAPIKEY" " api_key: $HELIXAPIKEY"
"" > "$FIREEYEPILLARPATH"/init.sls "" > "$fireeye_pillar_path"/init.sls
} }
fleet_pillar() { fleet_pillar() {
local PILLARFILE="$TMP"/pillar/minions/"$MINION_ID".sls local pillar_file="$TMP"/pillar/minions/"$MINION_ID".sls
# Create the fleet pillar # Create the fleet pillar
printf '%s\n'\ printf '%s\n'\
"fleet:"\ "fleet:"\
" mainip: $MAINIP"\ " mainip: $MAINIP"\
" master: $MSRV"\ " master: $MSRV"\
"" > "$PILLARFILE" "" > "$pillar_file"
} }
generate_passwords(){ generate_passwords(){
@@ -724,6 +728,8 @@ get_main_ip() {
# Get the main IP address the box is using # Get the main IP address the box is using
# FIXME: find a way to get the ip of MNIC instead
# Add some logic because Bubntu 18.04 like to be different # Add some logic because Bubntu 18.04 like to be different
if [ $OSVER = 'bionic' ]; then if [ $OSVER = 'bionic' ]; then
MAINIP=$(ip route get 1 | awk '{print $7;exit}') MAINIP=$(ip route get 1 | awk '{print $7;exit}')
@@ -731,6 +737,7 @@ get_main_ip() {
MAINIP=$(ip route get 1 | awk '{print $NF;exit}') MAINIP=$(ip route get 1 | awk '{print $NF;exit}')
fi fi
# FIXME: should MAININT be MNIC?
MAININT=$(ip route get 1 | awk '{print $5;exit}') MAININT=$(ip route get 1 | awk '{print $5;exit}')
} }
@@ -789,21 +796,27 @@ install_master() {
ls_heapsize() { ls_heapsize() {
# Determine LS Heap Size if [ "$TOTAL_MEM" -ge 32000 ]; then
if [ "$TOTAL_MEM" -ge 32000 ] || [ "$INSTALLTYPE" = 'MASTERSEARCH' ] || [ "$INSTALLTYPE" = 'HEAVYNODE' ] || [ "$INSTALLTYPE" = 'HELIXSENSOR' ]; then LS_HEAP_SIZE='1000m'
LS_HEAP_SIZE="1000m" return
elif [ "$INSTALLTYPE" = 'EVAL' ]; then fi
LS_HEAP_SIZE="700m"
else
# If minimal RAM, then set minimal heap
LS_HEAP_SIZE="500m"
fi
case "$INSTALLTYPE" in
'MASTERSEARCH' | 'HEAVYNODE' | 'HELIXSENSOR')
LS_HEAP_SIZE='1000m'
;;
'EVAL')
LS_HEAP_SIZE='700m'
;;
*)
LS_HEAP_SIZE='500m'
;;
esac
} }
master_pillar() { master_pillar() {
PILLARFILE=$TMP/pillar/minions/$MINION_ID.sls local pillar_file=$TMP/pillar/minions/$MINION_ID.sls
# Create the master pillar # Create the master pillar
printf '%s\n'\ printf '%s\n'\
@@ -812,50 +825,50 @@ master_pillar() {
" esheap: $ES_HEAP_SIZE"\ " esheap: $ES_HEAP_SIZE"\
" esclustername: {{ grains.host }}"\ " esclustername: {{ grains.host }}"\
" freq: 0"\ " freq: 0"\
" domainstats: 0" >> "$PILLARFILE" " domainstats: 0" >> "$pillar_file"
if [ "$INSTALLTYPE" = 'EVAL' ] || [ "$INSTALLTYPE" = 'HELIXSENSOR' ] || [ "$INSTALLTYPE" = 'MASTERSEARCH' ]; then if [ "$INSTALLTYPE" = 'EVAL' ] || [ "$INSTALLTYPE" = 'HELIXSENSOR' ] || [ "$INSTALLTYPE" = 'MASTERSEARCH' ]; then
printf '%s\n'\ printf '%s\n'\
" ls_pipeline_batch_size: 125"\ " ls_pipeline_batch_size: 125"\
" ls_input_threads: 1"\ " ls_input_threads: 1"\
" ls_batch_count: 125"\ " ls_batch_count: 125"\
" mtu: $MTU" >> "$PILLARFILE" " mtu: $MTU" >> "$pillar_file"
fi fi
printf '%s\n'\ printf '%s\n'\
" lsheap: $LS_HEAP_SIZE"\ " lsheap: $LS_HEAP_SIZE"\
" lsaccessip: 127.0.0.1"\ " lsaccessip: 127.0.0.1"\
" elastalert: 1"\ " elastalert: 1"\
" ls_pipeline_workers: $CPUCORES"\ " ls_pipeline_workers: $CPUCORES"\
" nids_rules: $RULESETUP"\ " nids_rules: $RULESETUP"\
" oinkcode: $OINKCODE"\ " oinkcode: $OINKCODE"\
" es_port: $NODE_ES_PORT"\ " es_port: $NODE_ES_PORT"\
" log_size_limit: $LOG_SIZE_LIMIT"\ " log_size_limit: $LOG_SIZE_LIMIT"\
" cur_close_days: $CURCLOSEDAYS"\ " cur_close_days: $CURCLOSEDAYS"\
" grafana: $GRAFANA"\ " grafana: $GRAFANA"\
" osquery: $OSQUERY"\ " osquery: $OSQUERY"\
" wazuh: $WAZUH"\ " wazuh: $WAZUH"\
" thehive: $THEHIVE"\ " thehive: $THEHIVE"\
" playbook: $PLAYBOOK"\ " playbook: $PLAYBOOK"\
" strelka: $STRELKA"\ " strelka: $STRELKA"\
""\ ""\
"kratos:" >> "$PILLARFILE" "kratos:" >> "$pillar_file"
case $REDIRECTINFO in case $REDIRECTINFO in
'IP') 'IP')
REDIRECTIT="$MAINIP" REDIRECTIT="$MAINIP"
;; ;;
'HOSTNAME') 'HOSTNAME')
REDIRECTIT=$HOSTNAME REDIRECTIT=$HOSTNAME
;; ;;
*) *)
REDIRECTIT="$REDIRECT" REDIRECTIT="$REDIRECT"
;; ;;
esac esac
printf '%s\n'\ printf '%s\n'\
" kratoskey: $KRATOSKEY"\ " kratoskey: $KRATOSKEY"\
" redirect: $REDIRECTIT"\ " redirect: $REDIRECTIT"\
"" >> "$PILLARFILE" "" >> "$pillar_file"
} }
@@ -927,7 +940,7 @@ network_setup() {
node_pillar() { node_pillar() {
local PILLARFILE=$TMP/pillar/minions/$MINION_ID.sls local pillar_file=$TMP/pillar/minions/$MINION_ID.sls
# Create the node pillar # Create the node pillar
printf '%s\n'\ printf '%s\n'\
@@ -946,13 +959,13 @@ node_pillar() {
" es_port: $NODE_ES_PORT"\ " es_port: $NODE_ES_PORT"\
" log_size_limit: $LOG_SIZE_LIMIT"\ " log_size_limit: $LOG_SIZE_LIMIT"\
" cur_close_days: $CURCLOSEDAYS"\ " cur_close_days: $CURCLOSEDAYS"\
"" >> "$PILLARFILE" "" >> "$pillar_file"
} }
patch_pillar() { patch_pillar() {
local PILLARFILE=$TMP/pillar/minions/$MINION_ID.sls local pillar_file=$TMP/pillar/minions/$MINION_ID.sls
printf '%s\n'\ printf '%s\n'\
""\ ""\
@@ -961,7 +974,7 @@ patch_pillar() {
" schedule_name: $PATCHSCHEDULENAME"\ " schedule_name: $PATCHSCHEDULENAME"\
" enabled: True"\ " enabled: True"\
" splay: 300"\ " splay: 300"\
"" >> "$PILLARFILE" "" >> "$pillar_file"
} }
@@ -1135,111 +1148,100 @@ saltify() {
} }
salt_checkin() { salt_checkin() {
# Master State to Fix Mine Usage
if [ $INSTALLTYPE = 'MASTER' ] || [ $INSTALLTYPE = 'EVAL' ] || [ $INSTALLTYPE = 'HELIXSENSOR' ] || [ $INSTALLTYPE = 'MASTERSEARCH' ]; then
echo "Building Certificate Authority"
salt-call state.apply ca >> "$SETUPLOG" 2>&1
echo " *** Restarting Salt to fix any SSL errors. ***"
service salt-master restart >> "$SETUPLOG" 2>&1
sleep 5
service salt-minion restart >> "$SETUPLOG" 2>&1
sleep 15
echo " Applyng a mine hack "
salt '*' mine.send x509.get_pem_entries glob_path=/etc/pki/ca.crt >> "$SETUPLOG" 2>&1
echo " Applying SSL state "
salt-call state.apply ssl >> "$SETUPLOG" 2>&1
echo "Still Working... Hang in there"
#salt-call state.highstate
else
# Run Checkin
salt-call state.apply ca >> "$SETUPLOG" 2>&1
salt-call state.apply ssl >> "$SETUPLOG" 2>&1
#salt-call state.highstate >> "$SETUPLOG" 2>&1
fi
case "$INSTALLTYPE" in
'MASTER' | 'EVAL' | 'HELIXSENSOR' | 'MASTERSEARCH') # Fix Mine usage
{
echo "Building Certificate Authority";
salt-call state.apply ca;
echo " *** Restarting Salt to fix any SSL errors. ***";
service salt-master restart;
sleep 5;
service salt-minion restart;
sleep 15;
echo " Applyng a mine hack";
salt '*' mine.send x509.get_pem_entries glob_path=/etc/pki/ca.crt;
echo " Applying SSL state";
salt-call state.apply ssl;
} >> "$SETUPLOG" 2>&1
;;
*)
salt-call state.apply ca >> "$SETUPLOG" 2>&1
salt-call state.apply ssl >> "$SETUPLOG" 2>&1
;;
esac
} }
# FIXME: should this be a function?
salt_firstcheckin() { salt_firstcheckin() {
#First Checkin #First Checkin
salt-call state.highstate >> "$SETUPLOG" 2>&1 salt-call state.highstate >> "$SETUPLOG" 2>&1
} }
salt_master_directories() { salt_master_directories() {
# Create salt paster directories # Create salt paster directories
mkdir -p /opt/so/saltstack/salt mkdir -p /opt/so/saltstack/salt
mkdir -p /opt/so/saltstack/pillar mkdir -p /opt/so/saltstack/pillar
# Copy over the salt code and templates # Copy over the salt code and templates
if [ $INSTALLMETHOD = 'iso' ]; then if [ "$INSTALLMETHOD" = 'iso' ]; then
rsync -avh --exclude 'TRANS.TBL' /home/onion/SecurityOnion/pillar/* /opt/so/saltstack/pillar/ rsync -avh --exclude 'TRANS.TBL' /home/onion/SecurityOnion/pillar/* /opt/so/saltstack/pillar/
rsync -avh --exclude 'TRANS.TBL' /home/onion/SecurityOnion/salt/* /opt/so/saltstack/salt/ rsync -avh --exclude 'TRANS.TBL' /home/onion/SecurityOnion/salt/* /opt/so/saltstack/salt/
else else
cp -R $SCRIPTDIR/../pillar/* /opt/so/saltstack/pillar/ cp -R "$SCRIPTDIR"/../pillar/* /opt/so/saltstack/pillar/
cp -R $SCRIPTDIR/../salt/* /opt/so/saltstack/salt/ cp -R "$SCRIPTDIR"/../salt/* /opt/so/saltstack/salt/
fi fi
# FIXME: why is this being done?
chmod +x /opt/so/saltstack/pillar/firewall/addfirewall.sh chmod +x /opt/so/saltstack/pillar/firewall/addfirewall.sh
chmod +x /opt/so/saltstack/pillar/data/addtotab.sh chmod +x /opt/so/saltstack/pillar/data/addtotab.sh
} }
sensor_pillar() { sensor_pillar() {
PILLARFILE=$TMP/pillar/minions/$MINION_ID.sls local pillar_file=$TMP/pillar/minions/$MINION_ID.sls
# Create the sensor pillar # Create the sensor pillar
touch $PILLARFILE printf '%s\n'\
echo "sensor:" >> $PILLARFILE "sensor"\
echo " interface: bond0" >> $PILLARFILE " interface: bond0"\
echo " mainip: $MAINIP" >> $PILLARFILE " mainip: $MAINIP"\
echo " mainint: $MAININT" >> $PILLARFILE " mainint: $MAININT" > "$pillar_file"
if [ $NSMSETUP = 'ADVANCED' ]; then
echo " bro_pins:" >> $PILLARFILE if [ "$NSMSETUP" = 'ADVANCED' ]; then
echo " bro_pins:" >> "$pillar_file"
for PIN in $BROPINS; do for PIN in $BROPINS; do
PIN=$(echo $PIN | cut -d\" -f2) PIN=$(echo "$PIN" | cut -d\" -f2)
echo " - $PIN" >> $PILLARFILE echo " - $PIN" >> "$pillar_file"
done done
echo " suripins:" >> $PILLARFILE echo " suripins:" >> "$pillar_file"
for SPIN in $SURIPINS; do for SPIN in $SURIPINS; do
SPIN=$(echo $SPIN | cut -d\" -f2) SPIN=$(echo "$SPIN" | cut -d\" -f2)
echo " - $SPIN" >> $PILLARFILE echo " - $SPIN" >> "$pillar_file"
done done
elif [ $INSTALLTYPE = 'HELIXSENSOR' ]; then elif [ "$INSTALLTYPE" = 'HELIXSENSOR' ]; then
echo " bro_lbprocs: $LBPROCS" >> $PILLARFILE echo " bro_lbprocs: $LBPROCS" >> "$pillar_file"
echo " suriprocs: $LBPROCS" >> $PILLARFILE echo " suriprocs: $LBPROCS" >> "$pillar_file"
else else
echo " bro_lbprocs: $BASICBRO" >> $PILLARFILE echo " bro_lbprocs: $BASICBRO" >> "$pillar_file"
echo " suriprocs: $BASICSURI" >> $PILLARFILE echo " suriprocs: $BASICSURI" >> "$pillar_file"
fi fi
echo " brobpf:" >> $PILLARFILE printf '%s\n'\
echo " pcapbpf:" >> $PILLARFILE " brobpf:"\
echo " nidsbpf:" >> $PILLARFILE " pcapbpf:"\
echo " master: $MSRV" >> $PILLARFILE " nidsbpf:"\
echo " mtu: $MTU" >> $PILLARFILE " master: $MSRV"\
echo " uniqueid: $(date '+%s')" >> $PILLARFILE " mtu: $MTU"\
if [ $HNSENSOR != 'inherit' ]; then " uniqueid: $(date '+%s')" >> "$pillar_file"
echo " hnsensor: $HNSENSOR" >> $PILLARFILE if [ "$HNSENSOR" != 'inherit' ]; then
echo " hnsensor: $HNSENSOR" >> "$pillar_file"
fi fi
echo " access_key: $ACCESS_KEY" >> $PILLARFILE printf '%s\n'\
echo " access_secret: $ACCESS_SECRET" >> $PILLARFILE " access_key: $ACCESS_KEY"\
echo "" >> $PILLARFILE " access_secret: $ACCESS_SECRET"\
"" >> "$pillar_file"
}
set_environment_var() {
echo "Setting environment variable: $1"
export "$1"
echo "$1" >> /etc/environment
} }
set_hostname() { set_hostname() {
@@ -1269,122 +1271,117 @@ set_hostname_iso() {
set_initial_firewall_policy() { set_initial_firewall_policy() {
get_main_ip get_main_ip
if [ $INSTALLTYPE = 'MASTER' ]; then
printf " - $MAINIP\n" >> /opt/so/saltstack/pillar/firewall/minions.sls
printf " - $MAINIP\n" >> /opt/so/saltstack/pillar/firewall/masterfw.sls
/opt/so/saltstack/pillar/data/addtotab.sh mastertab $MINION_ID $MAINIP $CPUCORES $RANDOMUID $MAININT $FSROOT $FSNSM
fi
if [ $INSTALLTYPE = 'EVAL' ] || [ $INSTALLTYPE = 'MASTERSEARCH' ]; then
printf " - $MAINIP\n" >> /opt/so/saltstack/pillar/firewall/minions.sls
printf " - $MAINIP\n" >> /opt/so/saltstack/pillar/firewall/masterfw.sls
printf " - $MAINIP\n" >> /opt/so/saltstack/pillar/firewall/forward_nodes.sls
printf " - $MAINIP\n" >> /opt/so/saltstack/pillar/firewall/search_nodes.sls
if [ $INSTALLTYPE = 'EVAL' ]; then
/opt/so/saltstack/pillar/data/addtotab.sh evaltab $MINION_ID $MAINIP $CPUCORES $RANDOMUID $MAININT $FSROOT $FSNSM bond0
elif [ $INSTALLTYPE = 'MASTERSEARCH' ]; then
/opt/so/saltstack/pillar/data/addtotab.sh nodestab $MINION_ID $MAINIP $CPUCORES $RANDOMUID $MAININT $FSROOT $FSNSM
fi
fi
if [ $INSTALLTYPE = 'HELIXSENSOR' ]; then
printf " - $MAINIP\n" >> /opt/so/saltstack/pillar/firewall/minions.sls
printf " - $MAINIP\n" >> /opt/so/saltstack/pillar/firewall/masterfw.sls
printf " - $MAINIP\n" >> /opt/so/saltstack/pillar/firewall/forward_nodes.sls
fi
if [ $INSTALLTYPE = 'SENSOR' ]; then
ssh -i /root/.ssh/so.key soremote@$MSRV sudo /opt/so/saltstack/pillar/firewall/addfirewall.sh minions $MAINIP
ssh -i /root/.ssh/so.key soremote@$MSRV sudo /opt/so/saltstack/pillar/firewall/addfirewall.sh forward_nodes $MAINIP
ssh -i /root/.ssh/so.key soremote@$MSRV sudo /opt/so/saltstack/pillar/data/addtotab.sh sensorstab $MINION_ID $MAINIP $CPUCORES $RANDOMUID $MAININT $FSROOT $FSNSM bond0
fi
if [ $INSTALLTYPE = 'SEARCHNODE' ]; then
ssh -i /root/.ssh/so.key soremote@$MSRV sudo /opt/so/saltstack/pillar/firewall/addfirewall.sh minions $MAINIP
ssh -i /root/.ssh/so.key soremote@$MSRV sudo /opt/so/saltstack/pillar/firewall/addfirewall.sh search_nodes $MAINIP
ssh -i /root/.ssh/so.key soremote@$MSRV sudo /opt/so/saltstack/pillar/data/addtotab.sh nodestab $MINION_ID $MAINIP $CPUCORES $RANDOMUID $MAININT $FSROOT $FSNSM
fi
if [ $INSTALLTYPE = 'HEAVYNODE' ]; then
ssh -i /root/.ssh/so.key soremote@$MSRV sudo /opt/so/saltstack/pillar/firewall/addfirewall.sh minions $MAINIP
ssh -i /root/.ssh/so.key soremote@$MSRV sudo /opt/so/saltstack/pillar/firewall/addfirewall.sh forward_nodes $MAINIP
ssh -i /root/.ssh/so.key soremote@$MSRV sudo /opt/so/saltstack/pillar/firewall/addfirewall.sh search_nodes $MAINIP
ssh -i /root/.ssh/so.key soremote@$MSRV sudo /opt/so/saltstack/pillar/data/addtotab.sh sensorstab $MINION_ID $MAINIP $CPUCORES $RANDOMUID $MAININT $FSROOT $FSNSM bond0
ssh -i /root/.ssh/so.key soremote@$MSRV sudo /opt/so/saltstack/pillar/data/addtotab.sh nodestab $MINION_ID $MAINIP $CPUCORES $RANDOMUID $MAININT $FSROOT $FSNSM
fi
if [ $INSTALLTYPE = 'FLEET' ]; then
ssh -i /root/.ssh/so.key soremote@$MSRV sudo /opt/so/saltstack/pillar/firewall/addfirewall.sh minions $MAINIP
fi
if [ $INSTALLTYPE = 'PARSINGNODE' ]; then
echo "blah"
fi
if [ $INSTALLTYPE = 'HOTNODE' ]; then
echo "blah"
fi
if [ $INSTALLTYPE = 'WARMNODE' ]; then
echo "blah"
fi
case "$INSTALLTYPE" in
'MASTER')
printf " - %s\n" "$MAINIP" | tee /opt/so/saltstack/pillar/firewall/minions.sls /opt/so/saltstack/pillar/firewall/masterfw.sls
/opt/so/saltstack/pillar/data/addtotab.sh mastertab "$MINION_ID" "$MAINIP" "$CPUCORES" "$RANDOMUID" "$MAININT" "$FSROOT" "$FSNSM"
;;
'EVAL' | 'MASTERSEARCH')
printf " - %s\n" "$MAINIP" | tee /opt/so/saltstack/pillar/firewall/minions.sls\
/opt/so/saltstack/pillar/firewall/masterfw.sls\
/opt/so/saltstack/pillar/firewall/forward_nodes.sls\
/opt/so/saltstack/pillar/firewall/search_nodes.sls
case "$INSTALLTYPE" in
'EVAL')
/opt/so/saltstack/pillar/data/addtotab.sh evaltab "$MINION_ID" "$MAINIP" "$CPUCORES" "$RANDOMUID" "$MAININT" "$FSROOT" "$FSNSM" bond0
;;
'MASTERSEARCH')
/opt/so/saltstack/pillar/data/addtotab.sh nodestab "$MINION_ID" "$MAINIP" "$CPUCORES" "$RANDOMUID" "$MAININT" "$FSROOT" "$FSNSM"
;;
esac
;;
'HELIXSENSOR')
printf " - %s\n" "$MAINIP" | tee /opt/so/saltstack/pillar/firewall/minions.sls\
/opt/so/saltstack/pillar/firewall/masterfw.sls\
/opt/so/saltstack/pillar/firewall/forward_nodes.sls
;;
'SENSOR' | 'SEARCHNODE' | 'HEAVYNODE' | 'FLEET')
ssh -i /root/.ssh/so.key soremote@"$MSRV" sudo /opt/so/saltstack/pillar/firewall/addfirewall.sh minions "$MAINIP"
case "$INSTALLERTYPE" in
'SENSOR')
ssh -i /root/.ssh/so.key soremote@"$MSRV" sudo /opt/so/saltstack/pillar/firewall/addfirewall.sh forward_nodes "$MAINIP"
ssh -i /root/.ssh/so.key soremote@"$MSRV" sudo /opt/so/saltstack/pillar/data/addtotab.sh sensorstab "$MINION_ID" "$MAINIP" "$CPUCORES" "$RANDOMUID" "$MAININT" "$FSROOT" "$FSNSM" bond0
;;
'SEARCHNODE')
ssh -i /root/.ssh/so.key soremote@"$MSRV" sudo /opt/so/saltstack/pillar/firewall/addfirewall.sh search_nodes "$MAINIP"
ssh -i /root/.ssh/so.key soremote@"$MSRV" sudo /opt/so/saltstack/pillar/data/addtotab.sh nodestab "$MINION_ID" "$MAINIP" "$CPUCORES" "$RANDOMUID" "$MAININT" "$FSROOT" "$FSNSM"
;;
'HEAVYNODE')
ssh -i /root/.ssh/so.key soremote@"$MSRV" sudo /opt/so/saltstack/pillar/firewall/addfirewall.sh forward_nodes "$MAINIP"
ssh -i /root/.ssh/so.key soremote@"$MSRV" sudo /opt/so/saltstack/pillar/firewall/addfirewall.sh search_nodes "$MAINIP"
ssh -i /root/.ssh/so.key soremote@"$MSRV" sudo /opt/so/saltstack/pillar/data/addtotab.sh sensorstab "$MINION_ID" "$MAINIP" "$CPUCORES" "$RANDOMUID" "$MAININT" "$FSROOT" "$FSNSM" bond0
ssh -i /root/.ssh/so.key soremote@"$MSRV" sudo /opt/so/saltstack/pillar/data/addtotab.sh nodestab "$MINION_ID" "$MAINIP" "$CPUCORES" "$RANDOMUID" "$MAININT" "$FSROOT" "$FSNSM"
;;
esac
;;
'PARSINGNODE')
# TODO: implement
;;
'HOTNODE')
# TODO: implement
;;
'WARMNODE')
# TODO: implement
;;
esac
} }
# Set up the management interface on the ISO # Set up the management interface on the ISO
set_management_interface() { set_management_interface() {
if [ $ADDRESSTYPE = 'DHCP' ]; then if [ "$ADDRESSTYPE" = 'DHCP' ]; then
/usr/bin/nmcli con up $MNIC nmcli con mod "$MNIC" connection.autoconnect yes
/usr/bin/nmcli con mod $MNIC connection.autoconnect yes nmcli con up "$MNIC"
else else
# Set Static IP # Set Static IP
/usr/bin/nmcli con mod $MNIC ipv4.addresses $MIP/$MMASK ipv4.gateway $MGATEWAY \ nmcli con mod "$MNIC" ipv4.addresses "$MIP"/"$MMASK"\
ipv4.dns $MDNS ipv4.dns-search $MSEARCH ipv4.method manual ipv4.gateway "$MGATEWAY" \
/usr/bin/nmcli con up $MNIC ipv4.dns "$MDNS"\
/usr/bin/nmcli con mod $MNIC connection.autoconnect yes ipv4.dns-search "$MSEARCH"\
connection.autoconnect yes\
ipv4.method manual
nmcli con up "$MNIC"
fi fi
} }
set_node_type() { set_node_type() {
# Determine the node type based on whiplash choice case "$INSTALLTYPE" in
if [ $INSTALLTYPE = 'SEARCHNODE' ] || [ $INSTALLTYPE = 'EVAL' ] || [ $INSTALLTYPE = 'MASTERSEARCH' ] || [ $INSTALLTYPE = 'HEAVYNODE' ] ; then 'SEARCHNODE' | 'EVAL' | 'MASTERSEARCH' | 'HEAVYNODE')
NODETYPE='search' NODETYPE='search'
fi ;;
if [ $INSTALLTYPE = 'PARSINGNODE' ]; then 'PARSINGNODE')
NODETYPE='parser' NODETYPE='parser'
fi ;;
if [ $INSTALLTYPE = 'HOTNODE' ]; then 'HOTNODE')
NODETYPE='hot' NODETYPE='hot'
fi ;;
if [ $INSTALLTYPE = 'WARMNODE' ]; then 'WARMNODE')
NODETYPE='warm' NODETYPE='warm'
fi ;;
esac
} }
set_updates() { set_updates() {
if [ "$MASTERUPDATES" = 1 ]; then if [ "$MASTERUPDATES" -eq 1 ]; then
echo "MASTERUPDATES is MASTER" if [ "$OS" = 'centos' ]; then
if [ $OS = 'centos' ]; then if ! grep -q "$MSRV" /etc/yum.conf; then
if ! grep -q $MSRV /etc/yum.conf; then echo "proxy=http://$MSRV:3142" >> /etc/yum.conf
echo "proxy=http://$MSRV:3142" >> /etc/yum.conf
fi fi
else else
# Set it up so the updates roll through the master # Set it up so the updates roll through the master
echo "Acquire::http::Proxy \"http://$MSRV:3142\";" > /etc/apt/apt.conf.d/00Proxy printf '%s\n'\
echo "Acquire::https::Proxy \"http://$MSRV:3142\";" >> /etc/apt/apt.conf.d/00Proxy "Acquire::http::Proxy \"http://$MSRV:3142\";"\
"Acquire::https::Proxy \"http://$MSRV:3142\";" > /etc/apt/apt.conf.d/00Proxy
fi fi
else
echo "MASTERUPDATES is OPEN"
fi fi
} }
# FIXME: should this be a function?
set_version() { set_version() {
# Drop a file with the current version # Drop a file with the current version
echo "$SOVERSION" > /etc/soversion echo "$SOVERSION" > /etc/soversion
} }
update_sudoers() { update_sudoers() {
@@ -1398,5 +1395,4 @@ update_sudoers() {
else else
echo "User soremote already granted sudo privileges" echo "User soremote already granted sudo privileges"
fi fi
} }
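Review bot: In set_initial_firewall_policy the inner selector for the remote node types reads `case "$INSTALLERTYPE" in`, a name that appears nowhere else on this page, so it presumably expands empty and none of the SENSOR, SEARCHNODE or HEAVYNODE arms run; those nodes would then get only the `minions` rule on the master and no forward_nodes/search_nodes or addtotab.sh entry, and the selector should be `case "$INSTALLTYPE" in`. In the same function the MASTER, EVAL/MASTERSEARCH and HELIXSENSOR arms replace the old `>>` appends with a plain `tee`, which truncates each firewall pillar file and also echoes the line to the terminal; `tee -a <files> > /dev/null` keeps the append behaviour. In the sensor_pillar hunk the first printf argument is `"sensor"\` where the old code wrote `sensor:`, so the pillar no longer opens a YAML mapping and should read `"sensor:"\`. The old/new side of each line is inferred from the rendered pairing and the commit title, so confirm these against the raw diff.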