From 8234b6f83565aa448a5d985ccda35f22f42633ab Mon Sep 17 00:00:00 2001 From: Jason Ertel Date: Mon, 16 Nov 2020 15:11:08 -0500 Subject: [PATCH] Switch remaining containers over to new registries; Continued bash refactoring --- salt/common/tools/sbin/so-image-common | 30 +++++++++++++++----------- salt/domainstats/init.sls | 4 ++-- salt/freqserver/init.sls | 4 ++-- salt/nodered/init.sls | 2 +- salt/registry/init.sls | 2 +- setup/so-functions | 5 +---- setup/so-setup | 4 ++-- 7 files changed, 26 insertions(+), 25 deletions(-) diff --git a/salt/common/tools/sbin/so-image-common b/salt/common/tools/sbin/so-image-common index 4a3a099bc..aefeade91 100755 --- a/salt/common/tools/sbin/so-image-common +++ b/salt/common/tools/sbin/so-image-common @@ -95,6 +95,7 @@ update_docker_containers() { local CURLTYPE=$1 local IMAGE_TAG_SUFFIX=$2 local PROGRESS_CALLBACK=$3 + local LOG_FILE=$4 local CONTAINER_REGISTRY=quay.io local SIGNPATH=/root/sosigs @@ -103,6 +104,10 @@ update_docker_containers() { CURLTYPE=unknown fi + if [ -z "$LOG_FILE" ]; then + LOG_FILE=/dev/tty + fi + # Recheck the version for scenarios were the VERSION wasn't known before this script was imported set_version set_os 
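Review bot: The `/dev/tty` default for `LOG_FILE` makes every redirected command in this function fail before it runs when there is no controlling terminal (cron, a Salt-run job, a non-interactive SSH command), because opening `/dev/tty` fails there. The function then ends at the first `exit 1` with nothing written anywhere, so a failed or rejected image update leaves no trace. Callers other than `docker_seed_registry` are not visible in this diff; if any of them can run unattended, `LOG_FILE=/dev/stdout` is a safer default and matches the behaviour before this change. The new fourth argument also deserves a comment above the function, e.g. `# $4 - file that command output is appended to (optional)`. The function body continues outside these two hunks.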
@@ -114,26 +119,26 @@ update_docker_containers() { # Let's make sure we have the public key curl -sSL https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/master/KEYS | gpg --import - - rm -rf $SIGNPATH - mkdir -p $SIGNPATH + rm -rf $SIGNPATH >> "$LOG_FILE" 2>&1 + mkdir -p $SIGNPATH >> "$LOG_FILE" 2>&1 # Download the containers from the interwebs for i in "${TRUSTED_CONTAINERS[@]}" do if [ -z "$PROGRESS_CALLBACK" ]; then - echo "Downloading $i" + echo "Downloading $i" >> "$LOG_FILE" 2>&1 else $PROGRESS_CALLBACK $i fi # Pull down the trusted docker image local image=$i:$VERSION$IMAGE_TAG_SUFFIX - docker pull $CONTAINER_REGISTRY/$IMAGEREPO/$image + docker pull $CONTAINER_REGISTRY/$IMAGEREPO/$image >> "$LOG_FILE" 2>&1 # Get signature - curl -A "$CURLTYPE/$CURRENTVERSION/$OS/$(uname -r)" https://sigs.securityonion.net/$VERSION/$i:$VERSION$IMAGE_TAG_SUFFIX.sig --output $SIGNPATH/$image.sig + curl -A "$CURLTYPE/$CURRENTVERSION/$OS/$(uname -r)" https://sigs.securityonion.net/$VERSION/$i:$VERSION$IMAGE_TAG_SUFFIX.sig --output $SIGNPATH/$image.sig >> "$LOG_FILE" 2>&1 if [[ $? -ne 0 ]]; then - echo "Unable to pull signature file for $image" + echo "Unable to pull signature file for $image" >> "$LOG_FILE" 2>&1 exit 1 fi # Dump our hash values @@ -143,7 +148,7 @@ update_docker_containers() { echo "$DOCKERINSPECT" | jq ".[0].Created, .[0].RootFS.Layers" >> $SIGNPATH/$image.txt if [[ $? -ne 0 ]]; then - echo "Unable to inspect $image" + echo "Unable to inspect $image" >> "$LOG_FILE" 2>&1 exit 1 fi GPGTEST=$(gpg --verify $SIGNPATH/$image.sig $SIGNPATH/$image.txt 2>&1) 
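Review bot: The `$?` check after the signature download does not catch an HTTP error, because `curl` without `--fail` exits 0 on a 404 or 500 and saves the error body as `$SIGNPATH/$image.sig`. Verification still fails later at `gpg --verify`, so the image is rejected, but the log then shows a GPG error instead of "Unable to pull signature file". Adding `-fsS` to that call (`curl -fsS -A "$CURLTYPE/$CURRENTVERSION/$OS/$(uname -r)" ...`) makes the existing check meaningful and keeps the progress meter out of `$LOG_FILE`. The loop body continues past the end of this hunk.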
@@ -153,15 +158,14 @@ update_docker_containers() { if [ -z "$HOSTNAME" ]; then HOSTNAME=$(hostname) fi - docker tag $CONTAINER_REGISTRY/$IMAGEREPO/$image $HOSTNAME:5000/$IMAGEREPO/$image - docker push $HOSTNAME:5000/$IMAGEREPO/$image + docker tag $CONTAINER_REGISTRY/$IMAGEREPO/$image $HOSTNAME:5000/$IMAGEREPO/$image >> "$LOG_FILE" 2>&1 + docker push $HOSTNAME:5000/$IMAGEREPO/$image >> "$LOG_FILE" 2>&1 fi else - echo "There is a problem downloading the $image image. Details: " - echo "" - echo $GPGTEST + echo "There is a problem downloading the $image image. Details: " >> "$LOG_FILE" 2>&1 + echo "" >> "$LOG_FILE" 2>&1 + echo $GPGTEST >> "$LOG_FILE" 2>&1 exit 1 fi done - } diff --git a/salt/domainstats/init.sls b/salt/domainstats/init.sls index 7716ddf83..965d87426 100644 --- a/salt/domainstats/init.sls +++ b/salt/domainstats/init.sls @@ -43,13 +43,13 @@ dstatslogdir: so-domainstatsimage: cmd.run: - - name: docker pull --disable-content-trust=false docker.io/{{ IMAGEREPO }}/so-domainstats:HH1.0.3 + - name: docker pull {{ MANAGER }}:5000/{{ IMAGEREPO }}/so-domainstats:{{ VERSION }} so-domainstats: docker_container.running: - require: - so-domainstatsimage - - image: docker.io/{{ IMAGEREPO }}/so-domainstats:HH1.0.3 + - image: {{ MANAGER }}:5000/{{ IMAGEREPO }}/so-domainstats:{{ VERSION }} - hostname: domainstats - name: so-domainstats - user: domainstats diff --git a/salt/freqserver/init.sls b/salt/freqserver/init.sls index 5ff454bcc..f514353a1 100644 --- a/salt/freqserver/init.sls +++ b/salt/freqserver/init.sls 
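Review bot: The exit status of `docker tag` and `docker push` is not checked, and with their output now going only to `$LOG_FILE` a failed push to `$HOSTNAME:5000` is silent on the console. The loop carries on and the local registry is left without the image that was just verified. Consider `docker push $HOSTNAME:5000/$IMAGEREPO/$image >> "$LOG_FILE" 2>&1 || exit 1`, matching the `exit 1` used on the other failure paths, and the same for `docker tag`. Separately, `echo $GPGTEST` should be `echo "$GPGTEST"` so the multi-line gpg output is logged as gpg printed it. The enclosing `if` and loop start outside this hunk.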
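Review bot: Both new image references use `{{ MANAGER }}` and `{{ VERSION }}`, but nothing in this hunk shows either variable being set in `salt/domainstats/init.sls`; only `IMAGEREPO` was used before. If they are not defined near the top of the file, the state will either fail to render or produce a reference with an empty host and tag. The change also drops `--disable-content-trust=false`, so the image's integrity now rests on the GPG check in `update_docker_containers` when the local registry is seeded; confirm `so-domainstats` is in `TRUSTED_CONTAINERS`, which this diff does not show. The same two points apply to the `salt/freqserver/init.sls` and `salt/nodered/init.sls` hunks.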
@@ -43,13 +43,13 @@ freqlogdir: so-freqimage: cmd.run: - - name: docker pull --disable-content-trust=false docker.io/{{ IMAGEREPO }}/so-freqserver:HH1.0.3 + - name: docker pull {{ MANAGER }}:5000/{{ IMAGEREPO }}/so-freqserver:{{ VERSION }} so-freq: docker_container.running: - require: - so-freqimage - - image: docker.io/{{ IMAGEREPO }}/so-freqserver:HH1.0.3 + - image: {{ MANAGER }}:5000/{{ IMAGEREPO }}/so-freqserver:{{ VERSION }} - hostname: freqserver - name: so-freqserver - user: freqserver diff --git a/salt/nodered/init.sls b/salt/nodered/init.sls index a594c23d9..c4fb8cb37 100644 --- a/salt/nodered/init.sls +++ b/salt/nodered/init.sls @@ -67,7 +67,7 @@ noderedlog: so-nodered: docker_container.running: - - image: {{ IMAGEREPO }}/so-nodered:HH1.2.2 + - image: {{ MANAGER }}:5000/{{ IMAGEREPO }}/so-nodered:{{ VERSION }} - interactive: True - binds: - /opt/so/conf/nodered/:/data:rw diff --git a/salt/registry/init.sls b/salt/registry/init.sls index c456aa0c4..43b9d8fa6 100644 --- a/salt/registry/init.sls +++ b/salt/registry/init.sls @@ -45,7 +45,7 @@ dockerregistryconf: # Install the registry container so-dockerregistry: docker_container.running: - - image: registry:latest + - image: ghcr.io/security-onion-solutions/registry:latest - hostname: so-registry - restart_policy: always - port_bindings: diff --git a/setup/so-functions b/setup/so-functions index 8ec78787e..273472f25 100755 --- a/setup/so-functions +++ b/setup/so-functions @@ -901,10 +901,7 @@ docker_seed_registry() { docker_seed_update_percent=25 - # Save output descriptors for use in docker_seed_registry_update function - exec 10>&1 20>&2 - - update_docker_containers 'netinstall' '' 'docker_seed_update' >> "$setup_log" 2>&1 + update_docker_containers 'netinstall' '' 'docker_seed_update' "$setup_log" else tar xvf /nsm/docker-registry/docker/registry.tar -C /nsm/docker-registry/docker >> "$setup_log" 2>&1 rm /nsm/docker-registry/docker/registry.tar >> "$setup_log" 2>&1 
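Review bot: `ghcr.io/security-onion-solutions/registry:latest` is a mutable tag, and this image appears to be started before the local registry is seeded, so it would not go through the signature check in `update_docker_containers`. Whatever `latest` points to at install time is what runs as the registry that the other states in this commit pull from. Pinning by digest, `- image: ghcr.io/security-onion-solutions/registry@sha256:<DIGEST_PLACEHOLDER>`, or by a versioned tag, would make the deployed registry reproducible and reviewable.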
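Review bot: Removing `exec 10>&1 20>&2` is only safe if the progress callback no longer writes to descriptors 10 or 20; the deleted comment says they were saved for a progress-update function, and the body of `docker_seed_update` is not part of this diff. If it still uses `>&10` or `>&20`, each call will fail with a bad-file-descriptor error and the progress display will not update. Worth confirming, or updating the callback in the same commit. `docker_seed_registry` starts and ends outside this hunk.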
diff --git a/setup/so-setup b/setup/so-setup index 21c78cd92..381ef9bca 100755 --- a/setup/so-setup +++ b/setup/so-setup @@ -599,9 +599,9 @@ fi else set_progress_str 26 'Downloading containers from the internet' fi - import_registry_docker >> $setup_log 2>&1 + import_registry_docker >> $setup_log 2>&1 salt-call state.apply -l info registry >> $setup_log 2>&1 - docker_seed_registry 2>> "$setup_log" # ~ 60% when finished + docker_seed_registry # ~ 60% when finished set_progress_str 60 "$(print_salt_state_apply 'manager')" if [[ "$STRELKARULES" == 1 ]]; then
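Review bot: With `2>> "$setup_log"` dropped from the `docker_seed_registry` call, and the blanket `>> "$setup_log" 2>&1` removed in `setup/so-functions`, anything in `update_docker_containers` that is not individually redirected now writes to the terminal instead of the setup log. In this commit that includes the `curl ... KEYS | gpg --import -` pipeline, so the record of which signing key was imported is no longer kept in `$setup_log`. Redirecting that pipeline as well, `... | gpg --import - >> "$LOG_FILE" 2>&1`, would keep the key import in the same log as the verification results.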