CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2025-12-06 17:22:49 +01:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #7700 from Security-Onion-Solutions/m0duspwnens-salt-3004.1

Browse Source 
salt 3004.1 hotfix
This commit is contained in:
Josh Patterson
2022-04-04 13:32:34 -04:00
committed by GitHub
parent 7f4c2687cf f9563b2dc4
commit 809bc1858c
1 changed files with 52 additions and 23 deletions
Download Patch File Download Diff File Expand all files Collapse all files

75
salt/common/tools/sbin/soup
View File

@@ -93,8 +93,7 @@ check_err() {
fi fi
set +e set +e
systemctl_func "start" "$cron_service_name" systemctl_func "start" "$cron_service_name"
echo "Ensuring highstate is enabled." enable_highstate
salt-call state.enable highstate --local
exit $exit_code exit $exit_code
fi fi
@@ -366,6 +365,12 @@ clone_to_tmp() {
fi fi
} }
enable_highstate() {
echo "Enabling highstate."
salt-call state.enable highstate -l info --local
echo ""
}
generate_and_clean_tarballs() { generate_and_clean_tarballs() {
local new_version local new_version
new_version=$(cat $UPDATE_DIR/VERSION) new_version=$(cat $UPDATE_DIR/VERSION)
@@ -492,10 +497,10 @@ stop_salt_master() {
set +e set +e
echo "" echo ""
echo "Killing all Salt jobs across the grid." echo "Killing all Salt jobs across the grid."
salt \* saltutil.kill_all_jobs salt \* saltutil.kill_all_jobs >> $SOUP_LOG 2>&1
echo "" echo ""
echo "Killing any queued Salt jobs on the manager." echo "Killing any queued Salt jobs on the manager."
pkill -9 -ef "/usr/bin/python3 /bin/salt" pkill -9 -ef "/usr/bin/python3 /bin/salt" >> $SOUP_LOG 2>&1
set -e set -e
echo "" echo ""
@@ -889,11 +894,27 @@ upgrade_salt() {
apt-mark hold "salt-master" apt-mark hold "salt-master"
apt-mark hold "salt-minion" apt-mark hold "salt-minion"
fi fi
echo "Checking if Salt was upgraded."
echo ""
# Check that Salt was upgraded
SALTVERSIONPOSTUPGRADE=$(salt --versions-report | grep Salt: | awk '{print $2}')
if [[ "$SALTVERSIONPOSTUPGRADE" != "$NEWSALTVERSION" ]]; then
echo "Salt upgrade failed. Check of indicators of failure in $SOUP_LOG."
echo "Once the issue is resolved, run soup again."
echo "Exiting."
echo ""
exit 0
else
echo "Salt upgrade success."
echo ""
fi
} }
update_repo() { update_repo() {
echo "Performing repo changes."
if [[ "$OS" == "centos" ]]; then if [[ "$OS" == "centos" ]]; then
echo "Performing repo changes."
# Import GPG Keys # Import GPG Keys
gpg_rpm_import gpg_rpm_import
echo "Disabling fastestmirror." echo "Disabling fastestmirror."
@@ -945,6 +966,8 @@ verify_latest_update_script() {
apply_hotfix() { apply_hotfix() {
if [[ "$INSTALLEDVERSION" == "2.3.90" ]] ; then if [[ "$INSTALLEDVERSION" == "2.3.90" ]] ; then
fix_wazuh fix_wazuh
elif [[ "$INSTALLEDVERSION" == "2.3.110" ]] ; then
2_3_10_hotfix_1
else else
echo "No actions required. ($INSTALLEDVERSION/$HOTFIXVERSION)" echo "No actions required. ($INSTALLEDVERSION/$HOTFIXVERSION)"
fi fi
@@ -966,6 +989,28 @@ fix_wazuh() {
fi fi
} }
#upgrade salt to 3004.1
2_3_10_hotfix_1() {
systemctl_func "stop" "$cron_service_name"
# update mine items prior to stopping salt-minion and salt-master
update_salt_mine
stop_salt_minion
stop_salt_master
update_repo
# Does salt need upgraded. If so update it.
if [[ $UPGRADESALT -eq 1 ]]; then
echo "Upgrading Salt"
# Update the repo files so it can actually upgrade
upgrade_salt
fi
rm -f /opt/so/state/influxdb_continuous_query.py.patched /opt/so/state/influxdbmod.py.patched /opt/so/state/influxdb_retention_policy.py.patched
systemctl_func "start" "salt-master"
salt-call state.apply salt.python3-influxdb -l info
systemctl_func "start" "salt-minion"
systemctl_func "start" "$cron_service_name"
}
main() { main() {
trap 'check_err $?' EXIT trap 'check_err $?' EXIT
@@ -1041,6 +1086,7 @@ main() {
apply_hotfix apply_hotfix
echo "Hotfix applied" echo "Hotfix applied"
update_version update_version
enable_highstate
salt-call state.highstate -l info queue=True salt-call state.highstate -l info queue=True
else else
echo "" echo ""
@@ -1080,21 +1126,6 @@ main() {
echo "Upgrading Salt" echo "Upgrading Salt"
# Update the repo files so it can actually upgrade # Update the repo files so it can actually upgrade
upgrade_salt upgrade_salt
echo "Checking if Salt was upgraded."
echo ""
# Check that Salt was upgraded
SALTVERSIONPOSTUPGRADE=$(salt --versions-report | grep Salt: | awk '{print $2}')
if [[ "$SALTVERSIONPOSTUPGRADE" != "$NEWSALTVERSION" ]]; then
echo "Salt upgrade failed. Check of indicators of failure in $SOUP_LOG."
echo "Once the issue is resolved, run soup again."
echo "Exiting."
echo ""
exit 0
else
echo "Salt upgrade success."
echo ""
fi
fi fi
preupgrade_changes preupgrade_changes
@@ -1150,9 +1181,7 @@ main() {
echo "" echo ""
fi fi
echo "Enabling highstate." enable_highstate
salt-call state.enable highstate -l info --local
echo ""
echo "" echo ""
echo "Running a highstate. This could take several minutes." echo "Running a highstate. This could take several minutes."