Update agent scripts

salt/elasticagent/config.sls

@@ -28,6 +28,23 @@ elasticagentconfdir:
     - group: 939
     - makedirs: True
 
+elasticagent_sbin:
+  file.recurse:
+    - name: /usr/sbin
+    - source: salt://elasticagent/tools/sbin
+    - user: 949
+    - group: 939
+    - file_mode: 755
+
+elasticagent_sbin_jinja:
+  file.recurse:
+    - name: /usr/sbin
+    - source: salt://elasticagent/tools/sbin_jinja
+    - user: 949
+    - group: 939
+    - file_mode: 755
+    - template: jinja
+
 # Create config
 create-elastic-agent-config:
   file.managed:
@@ -37,7 +54,6 @@ create-elastic-agent-config:
     - group: 939
     - template: jinja
 
-
 {% else %}
 
 {{sls}}_state_not_allowed:

salt/elasticagent/tools/sbin_jinja/so-elastic-agent-gen-installers

@@ -0,0 +1,70 @@
+#!/bin/bash
+
+# Copyright Security Onion Solutions LLC and/or licensed to Security Onion Solutions LLC under one
+# or more contributor license agreements. Licensed under the Elastic License 2.0; you may not use
+# this file except in compliance with the Elastic License 2.0.
+
+#so-elastic-agent-gen-installers $FleetHostURLs $EnrollmentToken 
+
+{% from 'vars/globals.map.jinja' import GLOBALS %}
+
+. /usr/sbin/so-common
+. /usr/sbin/so-elastic-fleet-common
+
+for i in {1..30}
+do
+   ENROLLMENTOKEN=$(curl -K /opt/so/conf/elasticsearch/curl.config -L "localhost:5601/api/fleet/enrollment_api_keys" -H 'kbn-xsrf: true' -H 'Content-Type: application/json'  | jq .list | jq -r -c '.[] | select(.policy_id | contains("endpoints-initial")) | .api_key')
+   FLEETHOST=$(curl -K /opt/so/conf/elasticsearch/curl.config 'http://localhost:5601/api/fleet/fleet_server_hosts/grid-default' | jq -r  '.item.host_urls[]' | paste -sd ',')
+if [[ $FLEETHOST ]] && [[  $ENROLLMENTOKEN ]]; then break; else sleep 10; fi
+done
+
+if [[ -z $FLEETHOST ]] || [[ -z $ENROLLMENTOKEN ]]; then 
+  printf "\nFleet Host URL, Enrollment Token or Elastic Version empty - exiting..."
+  printf "\nFleet Host: $FLEETHOST, Enrollment Token: $ENROLLMENTOKEN\n"
+  exit 
+fi
+
+OSARCH=( "linux-x86_64" "windows-x86_64" "darwin-x86_64" "darwin-aarch64" )
+
+printf  "\n### Creating a temp directory at /nsm/elastic-agent-workspace\n"
+rm -rf /nsm/elastic-agent-workspace
+mkdir -p /nsm/elastic-agent-workspace
+
+printf "\n### Extracting outer tarball and then each individual tarball/zip\n"
+tar -xf /nsm/elastic-fleet/artifacts/elastic-agent_SO-$ELASTIC_AGENT_TARBALL_VERSION.tar.gz -C /nsm/elastic-agent-workspace/
+unzip -q /nsm/elastic-agent-workspace/elastic-agent-*.zip -d /nsm/elastic-agent-workspace/
+for archive in /nsm/elastic-agent-workspace/*.tar.gz
+do
+  printf "\nExtracting $archive..."
+  tar xf "$archive" -C /nsm/elastic-agent-workspace/
+done 
+
+printf "\n### Stripping out unused components"
+find /nsm/elastic-agent-workspace/elastic-agent-*/data/elastic-agent-*/components -regex '.*fleet.*\|.*packet.*\|.*apm*.*\|.*audit.*\|.*heart.*\|.*cloud.*' -delete 
+
+printf "\n### Tarring everything up again"
+for OS in "${OSARCH[@]}"
+do 
+  printf "\nCreating tarball for $OS..."
+  rm -rf /nsm/elastic-agent-workspace/elastic-agent
+  mv /nsm/elastic-agent-workspace/elastic-agent-*-$OS /nsm/elastic-agent-workspace/elastic-agent
+  tar -czf /nsm/elastic-agent-workspace/$OS.tar.gz  -C /nsm/elastic-agent-workspace elastic-agent
+done 
+
+GOTARGETOS=( "linux" "windows" "darwin" "darwin/arm64" )
+GOARCH="amd64"
+printf "\n### Generating OS packages using the cleaned up tarballs"
+for GOOS in "${GOTARGETOS[@]}"
+do
+    if [[ $GOOS == 'darwin/arm64' ]]; then GOOS="darwin" && GOARCH="arm64"; fi
+    printf "\n\n### Generating $GOOS/$GOARCH Installer...\n"
+    docker run -e CGO_ENABLED=0 -e GOOS=$GOOS -e GOARCH=$GOARCH \
+    --mount type=bind,source=/etc/ssl/certs/,target=/workspace/files/cert/ \
+    --mount type=bind,source=/nsm/elastic-agent-workspace/,target=/workspace/files/elastic-agent/ \
+    --mount type=bind,source=/opt/so/saltstack/local/salt/elasticfleet/files/so_agent-installers/,target=/output/ \
+    {{ GLOBALS.registry_host }}:5000/{{ GLOBALS.image_repo }}/so-elastic-agent-builder:{{ GLOBALS.so_version }} go build -ldflags "-X main.fleetHostURLsList=$FLEETHOST -X main.enrollmentToken=$ENROLLMENTOKEN"  -o /output/so-elastic-agent_${GOOS}_${GOARCH}
+    printf "\n### $GOOS/$GOARCH Installer Generated...\n"
+done
+
+printf "\n### Cleaning up temp files in /nsm/elastic-agent-workspace"
+rm -rf /nsm/elastic-agent-workspace

salt/elasticagent/tools/sbin_jinja/so-elastic-agent-inspect

@@ -0,0 +1,16 @@
+#!/bin/bash
+
+# Copyright Security Onion Solutions LLC and/or licensed to Security Onion Solutions LLC under one
+# or more contributor license agreements. Licensed under the Elastic License 2.0 as shown at 
+# https://securityonion.net/license; you may not use this file except in compliance with the
+# Elastic License 2.0.
+
+
+
+. /usr/sbin/so-common
+
+{% if grains.role == 'so-heavynode' %}
+docker exec so-elastic-agent /usr/share/elastic-agent/elastic-agent inspect
+{% else %}
+/bin/elastic-agent inspect
+{% endif %}

salt/elasticagent/tools/sbin_jinja/so-elastic-agent-restart

@@ -5,6 +5,12 @@
 # https://securityonion.net/license; you may not use this file except in compliance with the
 # Elastic License 2.0.
 
+
+
 . /usr/sbin/so-common
 
+{% if grains.role == 'so-heavynode' %}
 /usr/sbin/so-restart elastic-agent $1
+{% else %}
+service elastic-agent restart
+{% endif %}

salt/elasticagent/tools/sbin_jinja/so-elastic-agent-start

@@ -9,4 +9,9 @@
 
 . /usr/sbin/so-common
 
+{% if grains.role == 'so-heavynode' %}
 /usr/sbin/so-start elastic-agent $1
+{% else %}
+service elastic-agent start
+{% endif %}
+

salt/elasticagent/tools/sbin_jinja/so-elastic-agent-status

@@ -0,0 +1,17 @@
+#!/bin/bash
+
+# Copyright Security Onion Solutions LLC and/or licensed to Security Onion Solutions LLC under one
+# or more contributor license agreements. Licensed under the Elastic License 2.0 as shown at 
+# https://securityonion.net/license; you may not use this file except in compliance with the
+# Elastic License 2.0.
+
+
+
+. /usr/sbin/so-common
+
+{% if grains.role == 'so-heavynode' %}
+docker exec so-elastic-agent /usr/share/elastic-agent/elastic-agent status
+{% else %}
+/bin/elastic-agent status
+{% endif %}
+

salt/elasticagent/tools/sbin_jinja/so-elastic-agent-stop

@@ -9,4 +9,9 @@
 
 . /usr/sbin/so-common
 
+{% if grains.role == 'so-heavynode' %}
 /usr/sbin/so-stop elastic-agent $1
+{% else %}
+service elastic-agent stop
+{% endif %}
+

salt/elasticagent/tools/sbin_jinja/so-elastic-agent-version

@@ -0,0 +1,17 @@
+#!/bin/bash
+
+# Copyright Security Onion Solutions LLC and/or licensed to Security Onion Solutions LLC under one
+# or more contributor license agreements. Licensed under the Elastic License 2.0 as shown at 
+# https://securityonion.net/license; you may not use this file except in compliance with the
+# Elastic License 2.0.
+
+
+
+. /usr/sbin/so-common
+
+{% if grains.role == 'so-heavynode' %}
+docker exec so-elastic-agent /usr/share/elastic-agent/elastic-agent version
+{% else %}
+/bin/elastic-agent version
+{% endif %}
+

salt/elasticfleet/tools/sbin_jinja/so-elastic-agent-inspect

@@ -10,7 +10,7 @@
 . /usr/sbin/so-elastic-fleet-common
 
 {% if grains.role == 'so-heavynode' %}
-docker exec so-elastic-agent /bin/elastic-agent inspect
+docker exec so-elastic-agent /usr/share/elastic-agent/elastic-agent inspect
 {% else %}
 /bin/elastic-agent inspect
 {% endif %}

salt/elasticfleet/tools/sbin_jinja/so-elastic-agent-status

@@ -10,7 +10,7 @@
 . /usr/sbin/so-elastic-fleet-common
 
 {% if grains.role == 'so-heavynode' %}
-docker exec so-elastic-agent /bin/elastic-agent status
+docker exec so-elastic-agent /usr/share/elastic-agent/elastic-agent status
 {% else %}
 /bin/elastic-agent status
 {% endif %}

salt/elasticfleet/tools/sbin_jinja/so-elastic-agent-version

@@ -10,7 +10,7 @@
 . /usr/sbin/so-elastic-fleet-common
 
 {% if grains.role == 'so-heavynode' %}
-docker exec so-elastic-agent /bin/elastic-agent version
+docker exec so-elastic-agent /usr/share/elastic-agent/elastic-agent version
 {% else %}
 /bin/elastic-agent version
 {% endif %}