From a3f79850fe4e0457de4a5678b4db435fff6fe0c4 Mon Sep 17 00:00:00 2001 From: Mike Reeves Date: Mon, 10 Jul 2023 20:31:49 -0400 Subject: [PATCH] Initial Oracle support --- setup/so-functions | 118 +++++++++++++++++++++++++++------------------ 1 file changed, 72 insertions(+), 46 deletions(-) diff --git a/setup/so-functions b/setup/so-functions index 75345b3ac..4cdf1f66c 100755 --- a/setup/so-functions +++ b/setup/so-functions @@ -950,16 +950,19 @@ detect_os() { OSVER=9 is_rocky=true is_rpm=true + not_supported=true elif grep -q "CentOS Stream release 9" /etc/redhat-release; then OS=centos OSVER=9 is_centos=true is_rpm=true + not_supported=true elif grep -q "Red Hat Enterprise Linux release 9" /etc/redhat-release; then OS=rhel OSVER=9 is_rhel=true is_rpm=true + not_supported=true fi elif [ -f /etc/os-release ]; then OS=ubuntu @@ -967,17 +970,20 @@ detect_os() { OSVER=focal UBVER=20.04 is_ubuntu=true + is_supported=true elif grep -q "UBUNTU_CODENAME=jammy" /etc/os-release; then OSVER=jammy UBVER=22.04 is_ubuntu=true is_deb=true + not_supported=true elif grep -q "VERSION_CODENAME=bookworm" /etc/os-release; then OSVER=bookworm DEBVER=12 is_debian=true OS=debian is_deb=true + not_supported=true fi installer_prereq_packages @@ -987,6 +993,13 @@ detect_os() { fi info "Found OS: $OS $OSVER" + if [[ $is_override ]]; then + unset $not_supported + fi + if [[ $not_supported ]]; then + info "This is not a supported OS. Exiting Setup" + exit 1 + fi } @@ -1022,17 +1035,7 @@ installer_progress_loop() { done } -installer_prereq_packages() { -# if [ "$OS" == rocky ]; then -# if [[ ! $is_iso ]]; then -# if ! command -v nmcli > /dev/null 2>&1; then -# logCmd "dnf -y install NetworkManager" -# fi -# fi -# logCmd "systemctl enable NetworkManager" -# logCmd "systemctl start NetworkManager" -# el - +installer_prereq_packages() { if [[ $is_deb ]]; then # Print message to stdout so the user knows setup is doing something info "Running apt-get update" 
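Review bot: In the second detect_os hunk the Ubuntu focal branch gets `is_supported=true`, while every other branch touched by this commit (rocky, centos, rhel, jammy, bookworm) gets `not_supported=true`. `is_supported` is the flag repo_sync_local tests before writing the oracle/9 mirror list and calling `dnf reposync`. If repo_sync_local is reached on focal, it would take the RPM path on a Debian-family host, and focal would also pass the unsupported-OS exit added at the end of detect_os. If focal is meant to be gated like jammy and bookworm, the line should read `not_supported=true`. No branch that sets `is_supported` for Oracle is visible in these hunks, so confirm it exists above line 950.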
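Review bot: `unset $not_supported` in the override check expands the variable first, so with `not_supported=true` it runs `unset true` and leaves `not_supported` set. The `[[ $not_supported ]]` test that follows still exits, so the override never takes effect. The line should be `unset not_supported` (the name, without `$`). As written the gate fails closed, so this is a functional bug rather than a bypass. A short comment such as `# is_override is set by <option>; it skips the supported-OS gate` would help, since nothing in this hunk shows where `is_override` comes from. detect_os begins above the hunk.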
@@ -1768,7 +1771,7 @@ reserve_ports() { reinstall_init() { info "Putting system in state to run setup again" - if [[ $install_type =~ ^(MANAGER|EVAL|HELIXSENSOR|MANAGERSEARCH|STANDALONE|FLEET|IMPORT)$ ]]; then + if [[ $install_type =~ ^(MANAGER|EVAL|MANAGERSEARCH|STANDALONE|FLEET|IMPORT)$ ]]; then local salt_services=( "salt-master" "salt-minion" ) else local salt_services=( "salt-minion" ) 
@@ -1981,44 +1984,67 @@ securityonion_repo() { } repo_sync_local() { - # Sync the repo from the the SO repo locally. - # Check for reposync - info "Backing up old repos" - mkdir -p /nsm/repo - mkdir -p /opt/so/conf/reposync/cache - if [[ $is_rocky ]]; then - echo "https://repo.securityonion.net/file/so-repo/prod/2.4/rocky/9" > /opt/so/conf/reposync/mirror.txt - echo "https://so-repo-east.s3.us-east-005.backblazeb2.com/prod/2.4/rocky/9" >> /opt/so/conf/reposync/mirror.txt - elif [[ $is_centos ]]; then - echo "https://repo.securityonion.net/file/so-repo/prod/2.4/centos/9" > /opt/so/conf/reposync/mirror.txt - echo "https://so-repo-east.s3.us-east-005.backblazeb2.com/prod/2.4/centos/9" >> /opt/so/conf/reposync/mirror.txt - elif [[ $is_rhel ]]; then - echo "https://repo.securityonion.net/file/so-repo/prod/2.4/rhel/9" > /opt/so/conf/reposync/mirror.txt - echo "https://so-repo-east.s3.us-east-005.backblazeb2.com/prod/2.4/rhel/9" >> /opt/so/conf/reposync/mirror.txt - fi - echo "[main]" > /opt/so/conf/reposync/repodownload.conf - echo "gpgcheck=1" >> /opt/so/conf/reposync/repodownload.conf - echo "installonly_limit=3" >> /opt/so/conf/reposync/repodownload.conf - echo "clean_requirements_on_remove=True" >> /opt/so/conf/reposync/repodownload.conf - echo "best=True" >> /opt/so/conf/reposync/repodownload.conf - echo "skip_if_unavailable=False" >> /opt/so/conf/reposync/repodownload.conf - echo "cachedir=/opt/so/conf/reposync/cache" >> /opt/so/conf/reposync/repodownload.conf - echo "keepcache=0" >> /opt/so/conf/reposync/repodownload.conf - echo "[securityonionsync]" >> /opt/so/conf/reposync/repodownload.conf - echo "name=Security Onion Repo repo" >> /opt/so/conf/reposync/repodownload.conf - echo "mirrorlist=file:///opt/so/conf/reposync/mirror.txt" >> /opt/so/conf/reposync/repodownload.conf - echo "enabled=1" >> /opt/so/conf/reposync/repodownload.conf - echo "gpgcheck=1" >> /opt/so/conf/reposync/repodownload.conf + if [[ $is_supported ]]; then + # Sync the repo from the the SO 
repo locally. + # Check for reposync + info "Backing up old repos" + mkdir -p /nsm/repo + mkdir -p /opt/so/conf/reposync/cache + #if [[ $is_rocky ]]; then + # echo "https://repo.securityonion.net/file/so-repo/prod/2.4/rocky/9" > /opt/so/conf/reposync/mirror.txt + # echo "https://so-repo-east.s3.us-east-005.backblazeb2.com/prod/2.4/rocky/9" >> /opt/so/conf/reposync/mirror.txt + #elif [[ $is_centos ]]; then + # echo "https://repo.securityonion.net/file/so-repo/prod/2.4/centos/9" > /opt/so/conf/reposync/mirror.txt + # echo "https://so-repo-east.s3.us-east-005.backblazeb2.com/prod/2.4/centos/9" >> /opt/so/conf/reposync/mirror.txt + #elif [[ $is_rhel ]]; then + # echo "https://repo.securityonion.net/file/so-repo/prod/2.4/rhel/9" > /opt/so/conf/reposync/mirror.txt + # echo "https://so-repo-east.s3.us-east-005.backblazeb2.com/prod/2.4/rhel/9" >> /opt/so/conf/reposync/mirror.txt + #fi + echo "https://repo.securityonion.net/file/so-repo/prod/2.4/oracle/9" > /opt/so/conf/reposync/mirror.txt + echo "https://so-repo-east.s3.us-east-005.backblazeb2.com/prod/2.4/oracle/9" >> /opt/so/conf/reposync/mirror.txt + echo "[main]" > /opt/so/conf/reposync/repodownload.conf + echo "gpgcheck=1" >> /opt/so/conf/reposync/repodownload.conf + echo "installonly_limit=3" >> /opt/so/conf/reposync/repodownload.conf + echo "clean_requirements_on_remove=True" >> /opt/so/conf/reposync/repodownload.conf + echo "best=True" >> /opt/so/conf/reposync/repodownload.conf + echo "skip_if_unavailable=False" >> /opt/so/conf/reposync/repodownload.conf + echo "cachedir=/opt/so/conf/reposync/cache" >> /opt/so/conf/reposync/repodownload.conf + echo "keepcache=0" >> /opt/so/conf/reposync/repodownload.conf + echo "[securityonionsync]" >> /opt/so/conf/reposync/repodownload.conf + echo "name=Security Onion Repo repo" >> /opt/so/conf/reposync/repodownload.conf + echo "mirrorlist=file:///opt/so/conf/reposync/mirror.txt" >> /opt/so/conf/reposync/repodownload.conf + echo "enabled=1" >> 
/opt/so/conf/reposync/repodownload.conf + echo "gpgcheck=1" >> /opt/so/conf/reposync/repodownload.conf - logCmd "dnf repolist" - # Make sure we can get to the sig repo - # TODO Add if for ISO install - curl --retry 5 --retry-delay 60 -A "netinstall/$SOVERSION/$OS/$(uname -r)/1" https://sigs.securityonion.net/checkup --output /tmp/install - logCmd "dnf reposync --norepopath -g --delete -m -c /opt/so/conf/reposync/repodownload.conf --repoid=securityonionsync --download-metadata -p /nsm/repo/" + logCmd "dnf repolist" + # Make sure we can get to the sig repo + # TODO Add if for ISO install + if [[ ! $is_airgap ]]; then + curl --retry 5 --retry-delay 60 -A "netinstall/$SOVERSION/$OS/$(uname -r)/1" https://sigs.securityonion.net/checkup --output /tmp/install + fi + logCmd "dnf reposync --norepopath -g --delete -m -c /opt/so/conf/reposync/repodownload.conf --repoid=securityonionsync --download-metadata -p /nsm/repo/" # After the download is complete run createrepo create_repo - + else + # Add the proper repos + echo "Adding Repos" + if [[ $is_rpm ]]; then + dnf -y install epel-release + dnf install -y yum-utils device-mapper-persistent-data lvm2 + rpm --import https://repo.saltproject.io/salt/py3/redhat/9/x86_64/SALT-PROJECT-GPG-PUBKEY-2023.pub + if [[ $is_rhel ]]; then + dnf config-manager --add-repo https://download.docker.com/linux/rhel/docker-ce.repo + curl -fsSL https://repo.saltproject.io/salt/py3/redhat/9/x86_64/minor/3006.1.repo | tee /etc/yum.repos.d/salt.repo + else + dnf config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo + curl -fsSL https://repo.saltproject.io/salt/py3/redhat/9/x86_64/minor/3006.1.repo | tee /etc/yum.repos.d/salt.repo + fi + else + echo "Not sure how you got here." + exit 1 + fi + fi } saltify() {
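Review bot: The new else branch of repo_sync_local fetches its trust anchors with no failure handling: `rpm --import https://…/SALT-PROJECT-GPG-PUBKEY-2023.pub`, both `dnf config-manager --add-repo` calls and `curl -fsSL … | tee /etc/yum.repos.d/salt.repo` run bare, without logCmd or a status check. A failed or interrupted download can leave the key missing or salt.repo empty or truncated while setup carries on, because tee opens and truncates the target regardless and the pipeline reports tee's status unless pipefail is set elsewhere. The salt.repo curl is also identical in both arms of the `is_rhel` test and can be hoisted out of it. I would download to a temporary file, check each step and only then install the file, as sketched below. Separately, the retained `curl … --output /tmp/install` writes to a fixed name in /tmp, and a `mktemp` path would be safer if setup runs as root, as the dnf calls suggest.

```shell
    if [[ $is_rpm ]]; then
      # … unchanged: epel-release, yum-utils, device-mapper-persistent-data and lvm2 installs …
      rpm --import https://repo.saltproject.io/salt/py3/redhat/9/x86_64/SALT-PROJECT-GPG-PUBKEY-2023.pub \
        || { echo "Could not import the Salt GPG key"; exit 1; }
      if [[ $is_rhel ]]; then
        dnf config-manager --add-repo https://download.docker.com/linux/rhel/docker-ce.repo || exit 1
      else
        dnf config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo || exit 1
      fi
      # Fetch to a temp file first so a failed download never leaves a truncated salt.repo in place
      local salt_repo_tmp
      salt_repo_tmp=$(mktemp) || exit 1
      if ! curl -fsSL https://repo.saltproject.io/salt/py3/redhat/9/x86_64/minor/3006.1.repo -o "$salt_repo_tmp"; then
        rm -f -- "$salt_repo_tmp"
        echo "Could not download the Salt repo definition"
        exit 1
      fi
      install -m 0644 "$salt_repo_tmp" /etc/yum.repos.d/salt.repo
      rm -f -- "$salt_repo_tmp"
```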