Initial Oracle support

2025-12-06 17:22:49 +01:00 · 2023-07-10 20:31:49 -04:00
parent b9204cbe99
commit a3f79850fe
1 changed files with 72 additions and 46 deletions
--- a/setup/so-functions
+++ b/setup/so-functions
@@ -950,16 +950,19 @@ detect_os() {
 			OSVER=9
 			is_rocky=true
 			is_rpm=true
 			not_supported=true
 		elif grep -q "CentOS Stream release 9" /etc/redhat-release; then
 			OS=centos
 			OSVER=9
 			is_centos=true
 			is_rpm=true
 			not_supported=true
 		elif grep -q "Red Hat Enterprise Linux release 9" /etc/redhat-release; then
 			OS=rhel
 			OSVER=9
 			is_rhel=true
 			is_rpm=true
 			not_supported=true
 		fi
 	elif [ -f /etc/os-release ]; then
 		OS=ubuntu
@@ -967,17 +970,20 @@ detect_os() {
 			OSVER=focal
 			UBVER=20.04
 			is_ubuntu=true
 			is_supported=true
 		elif grep -q "UBUNTU_CODENAME=jammy" /etc/os-release; then
 			OSVER=jammy
 			UBVER=22.04
 			is_ubuntu=true
 			is_deb=true
 			not_supported=true
 		elif grep -q "VERSION_CODENAME=bookworm" /etc/os-release; then
 			OSVER=bookworm
 			DEBVER=12
 			is_debian=true
 			OS=debian
 			is_deb=true
 			not_supported=true
 		fi
 		installer_prereq_packages
@@ -987,6 +993,13 @@ detect_os() {
 	fi
 	info "Found OS: $OS $OSVER"
 	if [[ $is_override ]]; then
 		unset $not_supported
 	fi
 	if [[ $not_supported ]]; then
 		info "This is not a supported OS. Exiting Setup"
 		exit 1
 	fi
 }
@@ -1022,17 +1035,7 @@ installer_progress_loop() {
 	done
 }
-installer_prereq_packages() {
+installer_prereq_packages() {	
 #	if [ "$OS" == rocky ]; then
 #		if [[ ! $is_iso ]]; then
 #			if ! command -v nmcli > /dev/null 2>&1; then
 #				logCmd "dnf -y install NetworkManager"
 #			fi
 #		fi
 #		logCmd "systemctl enable NetworkManager"
 #		logCmd "systemctl start NetworkManager"
 #	el
 	if [[ $is_deb ]]; then
 		# Print message to stdout so the user knows setup is doing something
 		info "Running apt-get update"
@@ -1768,7 +1771,7 @@ reserve_ports() {
 reinstall_init() {
 	info "Putting system in state to run setup again"
-	if [[ $install_type =~ ^(MANAGER|EVAL|HELIXSENSOR|MANAGERSEARCH|STANDALONE|FLEET|IMPORT)$ ]]; then
+	if [[ $install_type =~ ^(MANAGER|EVAL|MANAGERSEARCH|STANDALONE|FLEET|IMPORT)$ ]]; then
 		local salt_services=( "salt-master" "salt-minion" )
 	else
 		local salt_services=( "salt-minion" )
@@ -1981,44 +1984,67 @@ securityonion_repo() {
 }
 repo_sync_local() {
-	# Sync the repo from the the SO repo locally.
+	if [[ $is_supported ]]; then
-	# Check for reposync
+		# Sync the repo from the the SO repo locally.
-	info "Backing up old repos"
+		# Check for reposync
-	mkdir -p /nsm/repo
+		info "Backing up old repos"
-	mkdir -p /opt/so/conf/reposync/cache
+		mkdir -p /nsm/repo
-	if [[ $is_rocky ]]; then
+		mkdir -p /opt/so/conf/reposync/cache
-		echo "https://repo.securityonion.net/file/so-repo/prod/2.4/rocky/9" > /opt/so/conf/reposync/mirror.txt
+		#if [[ $is_rocky ]]; then
-		echo "https://so-repo-east.s3.us-east-005.backblazeb2.com/prod/2.4/rocky/9" >> /opt/so/conf/reposync/mirror.txt
+		#	echo "https://repo.securityonion.net/file/so-repo/prod/2.4/rocky/9" > /opt/so/conf/reposync/mirror.txt
-	elif [[ $is_centos ]]; then
+		#	echo "https://so-repo-east.s3.us-east-005.backblazeb2.com/prod/2.4/rocky/9" >> /opt/so/conf/reposync/mirror.txt
-		echo "https://repo.securityonion.net/file/so-repo/prod/2.4/centos/9" > /opt/so/conf/reposync/mirror.txt
+		#elif [[ $is_centos ]]; then
-		echo "https://so-repo-east.s3.us-east-005.backblazeb2.com/prod/2.4/centos/9" >> /opt/so/conf/reposync/mirror.txt
+		#	echo "https://repo.securityonion.net/file/so-repo/prod/2.4/centos/9" > /opt/so/conf/reposync/mirror.txt
-	elif [[ $is_rhel ]]; then
+		#	echo "https://so-repo-east.s3.us-east-005.backblazeb2.com/prod/2.4/centos/9" >> /opt/so/conf/reposync/mirror.txt
-		echo "https://repo.securityonion.net/file/so-repo/prod/2.4/rhel/9" > /opt/so/conf/reposync/mirror.txt
+		#elif [[ $is_rhel ]]; then
-		echo "https://so-repo-east.s3.us-east-005.backblazeb2.com/prod/2.4/rhel/9" >> /opt/so/conf/reposync/mirror.txt
+		#	echo "https://repo.securityonion.net/file/so-repo/prod/2.4/rhel/9" > /opt/so/conf/reposync/mirror.txt
-	fi	
+		#	echo "https://so-repo-east.s3.us-east-005.backblazeb2.com/prod/2.4/rhel/9" >> /opt/so/conf/reposync/mirror.txt
-	echo "[main]" > /opt/so/conf/reposync/repodownload.conf
+		#fi	
-	echo "gpgcheck=1" >> /opt/so/conf/reposync/repodownload.conf
+		echo "https://repo.securityonion.net/file/so-repo/prod/2.4/oracle/9" > /opt/so/conf/reposync/mirror.txt
-	echo "installonly_limit=3" >> /opt/so/conf/reposync/repodownload.conf
+		echo "https://so-repo-east.s3.us-east-005.backblazeb2.com/prod/2.4/oracle/9" >> /opt/so/conf/reposync/mirror.txt
-	echo "clean_requirements_on_remove=True" >> /opt/so/conf/reposync/repodownload.conf
+		echo "[main]" > /opt/so/conf/reposync/repodownload.conf
-	echo "best=True" >> /opt/so/conf/reposync/repodownload.conf
+		echo "gpgcheck=1" >> /opt/so/conf/reposync/repodownload.conf
-	echo "skip_if_unavailable=False" >> /opt/so/conf/reposync/repodownload.conf
+		echo "installonly_limit=3" >> /opt/so/conf/reposync/repodownload.conf
-	echo "cachedir=/opt/so/conf/reposync/cache" >> /opt/so/conf/reposync/repodownload.conf
+		echo "clean_requirements_on_remove=True" >> /opt/so/conf/reposync/repodownload.conf
-	echo "keepcache=0" >> /opt/so/conf/reposync/repodownload.conf
+		echo "best=True" >> /opt/so/conf/reposync/repodownload.conf
-	echo "[securityonionsync]" >> /opt/so/conf/reposync/repodownload.conf
+		echo "skip_if_unavailable=False" >> /opt/so/conf/reposync/repodownload.conf
-	echo "name=Security Onion Repo repo" >> /opt/so/conf/reposync/repodownload.conf
+		echo "cachedir=/opt/so/conf/reposync/cache" >> /opt/so/conf/reposync/repodownload.conf
-	echo "mirrorlist=file:///opt/so/conf/reposync/mirror.txt" >> /opt/so/conf/reposync/repodownload.conf
+		echo "keepcache=0" >> /opt/so/conf/reposync/repodownload.conf
-	echo "enabled=1" >> /opt/so/conf/reposync/repodownload.conf
+		echo "[securityonionsync]" >> /opt/so/conf/reposync/repodownload.conf
-	echo "gpgcheck=1" >> /opt/so/conf/reposync/repodownload.conf
+		echo "name=Security Onion Repo repo" >> /opt/so/conf/reposync/repodownload.conf
 		echo "mirrorlist=file:///opt/so/conf/reposync/mirror.txt" >> /opt/so/conf/reposync/repodownload.conf
 		echo "enabled=1" >> /opt/so/conf/reposync/repodownload.conf
 		echo "gpgcheck=1" >> /opt/so/conf/reposync/repodownload.conf
-	logCmd "dnf repolist"
+		logCmd "dnf repolist"
-	# Make sure we can get to the sig repo
+		# Make sure we can get to the sig repo
-	# TODO Add if for ISO install
+		# TODO Add if for ISO install
-        curl --retry 5 --retry-delay 60 -A "netinstall/$SOVERSION/$OS/$(uname -r)/1" https://sigs.securityonion.net/checkup --output /tmp/install
+		if [[ ! $is_airgap ]]; then
-	logCmd "dnf reposync --norepopath -g --delete -m -c /opt/so/conf/reposync/repodownload.conf --repoid=securityonionsync --download-metadata -p /nsm/repo/"
+        	curl --retry 5 --retry-delay 60 -A "netinstall/$SOVERSION/$OS/$(uname -r)/1" https://sigs.securityonion.net/checkup --output /tmp/install
 		fi
 		logCmd "dnf reposync --norepopath -g --delete -m -c /opt/so/conf/reposync/repodownload.conf --repoid=securityonionsync --download-metadata -p /nsm/repo/"
 	# After the download is complete run createrepo
 	create_repo
-
+	else
 		# Add the proper repos
 		echo "Adding Repos"
 		if [[ $is_rpm ]]; then
 			dnf -y install epel-release
 			dnf install -y yum-utils device-mapper-persistent-data lvm2
 			rpm --import https://repo.saltproject.io/salt/py3/redhat/9/x86_64/SALT-PROJECT-GPG-PUBKEY-2023.pub
 			if [[ $is_rhel ]]; then
 				dnf config-manager --add-repo https://download.docker.com/linux/rhel/docker-ce.repo
 				curl -fsSL https://repo.saltproject.io/salt/py3/redhat/9/x86_64/minor/3006.1.repo | tee /etc/yum.repos.d/salt.repo
 			else
 				dnf config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo
 				curl -fsSL https://repo.saltproject.io/salt/py3/redhat/9/x86_64/minor/3006.1.repo | tee /etc/yum.repos.d/salt.repo
 			fi
 		else
 			echo "Not sure how you got here."
 			exit 1
 		fi
 	fi
 }
 saltify() {