Merge pull request #1959 from Security-Onion-Solutions/soup-verify-salt

verify new salt version is installed during soup if not, exit before proceeding
2025-12-06 09:12:45 +01:00 · 2020-11-17 09:53:08 -05:00
parent 12c661101a 65440f9aef
commit 86922a2388
1 changed files with 14 additions and 0 deletions
--- a/salt/common/tools/sbin/soup
+++ b/salt/common/tools/sbin/soup
@@ -458,6 +458,20 @@ if [ "$UPGRADESALT" == "1" ]; then
  upgrade_salt
 fi

+echo "Checking if Salt was upgraded."
+echo ""
+# Check that Salt was upgraded, should be 3 'salt' packages on a manager node. salt-minion, salt-master and salt or salt-common depending on Ubuntu or CentOS. we could add salt-syndic in the future so checking that there are at least 3 packages
+if [[ `rpm -qa | grep salt | grep $NEWSALTVERSION | wc -l` < 3 ]]; then
+  echo "Salt upgrade failed. Check of indicators of failure in $SOUP_LOG."
+  echo "Once the issue is resolved, run soup again."
+  echo "Exiting."
+  echo ""
+  exit 1
+else
+  echo "Salt upgrade success."
+  echo ""
+fi
+
 echo "Making pillar changes."
 pillar_changes
 echo ""