CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2025-12-06 17:22:49 +01:00
Code Issues Packages Projects Releases Wiki Activity

soup update salt on manager for centos - https://github.com/Security-Onion-Solutions/securityonion/issues/1091

Browse Source
This commit is contained in:
m0duspwnens
2020-07-24 15:06:06 -04:00
parent 9eeb527ea7
commit 78491e1fc5
6 changed files with 7912 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
pillar/salt/master.sls Normal file
View File

@@ -0,0 +1,4 @@
#version cannot be used elsewhere in this pillar as soup is grepping for it to determine if Salt needs to be patched
salt:
master:
version: 3001

4
pillar/salt/minion.sls Normal file
View File

@@ -0,0 +1,4 @@
#version cannot be used elsewhere in this pillar as soup is grepping for it to determine if Salt needs to be patched
salt:
minion:
version: 3001

47
salt/common/tools/sbin/soup
View File

@@ -18,6 +18,7 @@
. /usr/sbin/so-common . /usr/sbin/so-common
UPDATE_DIR=/tmp/sogh/securityonion UPDATE_DIR=/tmp/sogh/securityonion
INSTALLEDVERSION=$(cat /etc/soversion) INSTALLEDVERSION=$(cat /etc/soversion)
INSTALLEDSALTVERSION=$(salt --versions-report | grep Salt: | awk {'print $2'})
default_salt_dir=/opt/so/saltstack/default default_salt_dir=/opt/so/saltstack/default
manager_check() { manager_check() {
@@ -154,8 +155,27 @@ upgrade_check() {
if [ "$INSTALLEDVERSION" == "$NEWVERSION" ]; then if [ "$INSTALLEDVERSION" == "$NEWVERSION" ]; then
echo "You are already running the latest version of Security Onion." echo "You are already running the latest version of Security Onion."
exit 0 exit 0
fi
}
upgrade_check_salt() {
NEWSALTVERSION=$(grep version: $UPDATE_DIR/pillar/salt/master.sls | awk {'print $2'})
if [ "$INSTALLEDSALTVERSION" == "$NEWSALTVERSION" ]; then
echo "You are already running the correct version of Salt for Security Onion."
else else
echo "Performing Upgrade from $INSTALLEDVERSION to $NEWVERSION" echo "Performing upgrade of Salt from $INSTALLEDSALTVERSION to $NEWSALTVERSION"
echo ""
# If CentOS
echo "Removing yum versionlock for Salt"
echo ""
yum versionlock delete "salt-*"
echo "Updating Salt packages and restarting services"
echo ""
sh $UPDATE_DIR/salt/salt/scripts/bootstrap-salt.sh -F -M -x python3 stable "$NEWSALTVERSION"
echo "Applying yum versionlock for Salt"
echo ""
yum versionlock add "salt-*"
# Else do Ubuntu things
fi fi
} }
@@ -185,7 +205,21 @@ verify_latest_update_script
echo "" echo ""
echo "Let's see if we need to update" echo "Let's see if we need to update"
upgrade_check upgrade_check
echo "" echo ""
echo "Performing Upgrade from $INSTALLEDVERSION to $NEWVERSION"
echo ""
echo "Stopping Salt Master service"
systemctl stop salt-master
echo ""
echo "Stopping Salt Minion service"
systemctl stop salt-minion
echo ""
echo "Checking for Salt updates"
upgrade_check_salt
echo "Making pillar changes" echo "Making pillar changes"
pillar_changes pillar_changes
echo "" echo ""
@@ -200,6 +234,17 @@ copy_new_files
echo "" echo ""
echo "Updating version" echo "Updating version"
update_version update_version
echo ""
echo "Starting Salt Master service"
systemctl start salt-master
echo ""
echo "Starting Salt Minion service"
systemctl start salt-minion
echo ""
echo "" echo ""
echo "Running a highstate to complete upgrade" echo "Running a highstate to complete upgrade"
highstate highstate

1
salt/salt/master.sls Normal file
View File

@@ -0,0 +1 @@
#Future state for Salt masters

1
salt/salt/minion.sls Normal file
View File

@@ -0,0 +1 @@
#Future state for Salt minions

7856
salt/salt/scripts/bootstrap-salt.sh Normal file
View File

File diff suppressed because it is too large Load Diff