Merge pull request #561 from Security-Onion-Solutions/bugfix/fleet-launcher-versioning

Fleet package fixes
2025-12-06 09:12:45 +01:00 · 2020-04-13 16:19:44 -04:00
parent 84e37856f0 29ebed3005
commit a1bea7217b
3 changed files with 18 additions and 3 deletions
--- a/salt/fleet/event_gen-packages.sls
+++ b/salt/fleet/event_gen-packages.sls
@@ -1,4 +1,5 @@
 {% set ENROLLSECRET = salt['pillar.get']('secrets:fleet_enroll-secret') %}
 {% set CURRENTPACKAGEVERSION = salt['pillar.get']('static:fleet_package-version') %}
 so/fleet:
  event.send:
@@ -7,4 +8,5 @@ so/fleet:
        hostname: {{ grains.host }}
        role: {{ grains.role }}
        mainip: {{ grains.host }}
-        enroll-secret: {{ ENROLLSECRET }}
+        enroll-secret: {{ ENROLLSECRET }}
        current-package-version: {{ CURRENTPACKAGEVERSION }}
--- a/salt/reactor/fleet.sls
+++ b/salt/reactor/fleet.sls
@@ -13,6 +13,7 @@ def run():
  ROLE = data['data']['role']
  ESECRET = data['data']['enroll-secret']
  MAINIP = data['data']['mainip']
  PACKAGEVERSION = data['data']['current-package-version']
  STATICFILE = '/opt/so/saltstack/pillar/static.sls'
  SECRETSFILE = '/opt/so/saltstack/pillar/secrets.sls'
@@ -47,14 +48,25 @@ def run():
    if ACTION == 'genpackages':
      logging.info('so/fleet genpackages reactor')
      # Increment the package version by 1
      PACKAGEVERSION += 1
      # Run Docker container that will build the packages
      gen_packages = subprocess.run(["docker", "run","--rm", "--mount", "type=bind,source=/opt/so/saltstack/salt/fleet/packages,target=/output", \
         "--mount", "type=bind,source=/etc/ssl/certs/intca.crt,target=/var/launcher/launcher.crt", "docker.io/soshybridhunter/so-fleet-launcher:HH1.1.0", \
-         f"{ESECRET}", f"{HOSTNAME}:8090"], stdout=subprocess.PIPE, encoding='ascii')  
+         f"{ESECRET}", f"{HOSTNAME}:8090", f"{PACKAGEVERSION}.1.1"], stdout=subprocess.PIPE, encoding='ascii')  
      # Update the 'packages-built' timestamp on the webpage (stored in the static pillar)
      for line in fileinput.input(STATICFILE, inplace=True):
        line = re.sub(r'fleet_packages-timestamp: \S*', f"fleet_packages-timestamp: {strftime('%Y-%m-%d-%H:%M', gmtime())}", line.rstrip())
-        print(line)  
+        print(line)
        # Update the Fleet Osquery package version in the static pillar
      for line in fileinput.input(STATICFILE, inplace=True):
        line = re.sub(r'fleet_package-version: \S*', f"fleet_package-version: {PACKAGEVERSION}", line.rstrip())
        print(line)
      # Copy over newly-built packages
      copy_packages = subprocess.run(["salt-call", "state.apply","fleet"], stdout=subprocess.PIPE, encoding='ascii')      
  return {}
--- a/setup/so-functions
+++ b/setup/so-functions
@@ -919,6 +919,7 @@ master_static() {
  echo "  fleet_master: False" >> /opt/so/saltstack/pillar/static.sls
  echo "  fleet_node: False" >> /opt/so/saltstack/pillar/static.sls
  echo "  fleet_packages-timestamp: N/A" >> /opt/so/saltstack/pillar/static.sls
  echo "  fleet_packages-version: 1" >> /opt/so/saltstack/pillar/static.sls
  echo "  fleet_hostname: N/A" >> /opt/so/saltstack/pillar/static.sls
  echo "  fleet_ip: N/A" >> /opt/so/saltstack/pillar/static.sls
  echo "  sensoronikey: $SENSORONIKEY" >> /opt/so/saltstack/pillar/static.sls