Initial Oracle support

2025-12-06 17:22:49 +01:00 · 2023-07-10 20:31:49 -04:00
parent b9204cbe99
commit a3f79850fe
1 changed files with 72 additions and 46 deletions
--- a/setup/so-functions
+++ b/setup/so-functions
@@ -950,16 +950,19 @@ detect_os() {
 			OSVER=9
 			is_rocky=true
 			is_rpm=true
+			not_supported=true
 		elif grep -q "CentOS Stream release 9" /etc/redhat-release; then
 			OS=centos
 			OSVER=9
 			is_centos=true
 			is_rpm=true
+			not_supported=true
 		elif grep -q "Red Hat Enterprise Linux release 9" /etc/redhat-release; then
 			OS=rhel
 			OSVER=9
 			is_rhel=true
 			is_rpm=true
+			not_supported=true
 		fi
 	elif [ -f /etc/os-release ]; then
 		OS=ubuntu
@@ -967,17 +970,20 @@ detect_os() {
 			OSVER=focal
 			UBVER=20.04
 			is_ubuntu=true
+			is_supported=true
 		elif grep -q "UBUNTU_CODENAME=jammy" /etc/os-release; then
 			OSVER=jammy
 			UBVER=22.04
 			is_ubuntu=true
 			is_deb=true
+			not_supported=true
 		elif grep -q "VERSION_CODENAME=bookworm" /etc/os-release; then
 			OSVER=bookworm
 			DEBVER=12
 			is_debian=true
 			OS=debian
 			is_deb=true
+			not_supported=true
 		fi
 		installer_prereq_packages

@@ -987,6 +993,13 @@ detect_os() {
 	fi

 	info "Found OS: $OS $OSVER"
+	if [[ $is_override ]]; then
+		unset $not_supported
+	fi
+	if [[ $not_supported ]]; then
+		info "This is not a supported OS. Exiting Setup"
+		exit 1
+	fi

 }

@@ -1023,16 +1036,6 @@ installer_progress_loop() {
 }

 installer_prereq_packages() {	
-#	if [ "$OS" == rocky ]; then
-#		if [[ ! $is_iso ]]; then
-#			if ! command -v nmcli > /dev/null 2>&1; then
-#				logCmd "dnf -y install NetworkManager"
-#			fi
-#		fi
-#		logCmd "systemctl enable NetworkManager"
-#		logCmd "systemctl start NetworkManager"
-#	el
-	
 	if [[ $is_deb ]]; then
 		# Print message to stdout so the user knows setup is doing something
 		info "Running apt-get update"
@@ -1768,7 +1771,7 @@ reserve_ports() {
 reinstall_init() {
 	info "Putting system in state to run setup again"

-	if [[ $install_type =~ ^(MANAGER|EVAL|HELIXSENSOR|MANAGERSEARCH|STANDALONE|FLEET|IMPORT)$ ]]; then
+	if [[ $install_type =~ ^(MANAGER|EVAL|MANAGERSEARCH|STANDALONE|FLEET|IMPORT)$ ]]; then
 		local salt_services=( "salt-master" "salt-minion" )
 	else
 		local salt_services=( "salt-minion" )
@@ -1981,44 +1984,67 @@ securityonion_repo() {
 }

 repo_sync_local() {
-	# Sync the repo from the the SO repo locally.
-	# Check for reposync
-	info "Backing up old repos"
-	mkdir -p /nsm/repo
-	mkdir -p /opt/so/conf/reposync/cache
-	if [[ $is_rocky ]]; then
-		echo "https://repo.securityonion.net/file/so-repo/prod/2.4/rocky/9" > /opt/so/conf/reposync/mirror.txt
-		echo "https://so-repo-east.s3.us-east-005.backblazeb2.com/prod/2.4/rocky/9" >> /opt/so/conf/reposync/mirror.txt
-	elif [[ $is_centos ]]; then
-		echo "https://repo.securityonion.net/file/so-repo/prod/2.4/centos/9" > /opt/so/conf/reposync/mirror.txt
-		echo "https://so-repo-east.s3.us-east-005.backblazeb2.com/prod/2.4/centos/9" >> /opt/so/conf/reposync/mirror.txt
-	elif [[ $is_rhel ]]; then
-		echo "https://repo.securityonion.net/file/so-repo/prod/2.4/rhel/9" > /opt/so/conf/reposync/mirror.txt
-		echo "https://so-repo-east.s3.us-east-005.backblazeb2.com/prod/2.4/rhel/9" >> /opt/so/conf/reposync/mirror.txt
-	fi	
-	echo "[main]" > /opt/so/conf/reposync/repodownload.conf
-	echo "gpgcheck=1" >> /opt/so/conf/reposync/repodownload.conf
-	echo "installonly_limit=3" >> /opt/so/conf/reposync/repodownload.conf
-	echo "clean_requirements_on_remove=True" >> /opt/so/conf/reposync/repodownload.conf
-	echo "best=True" >> /opt/so/conf/reposync/repodownload.conf
-	echo "skip_if_unavailable=False" >> /opt/so/conf/reposync/repodownload.conf
-	echo "cachedir=/opt/so/conf/reposync/cache" >> /opt/so/conf/reposync/repodownload.conf
-	echo "keepcache=0" >> /opt/so/conf/reposync/repodownload.conf
-	echo "[securityonionsync]" >> /opt/so/conf/reposync/repodownload.conf
-	echo "name=Security Onion Repo repo" >> /opt/so/conf/reposync/repodownload.conf
-	echo "mirrorlist=file:///opt/so/conf/reposync/mirror.txt" >> /opt/so/conf/reposync/repodownload.conf
-	echo "enabled=1" >> /opt/so/conf/reposync/repodownload.conf
-	echo "gpgcheck=1" >> /opt/so/conf/reposync/repodownload.conf
+	if [[ $is_supported ]]; then
+		# Sync the repo from the the SO repo locally.
+		# Check for reposync
+		info "Backing up old repos"
+		mkdir -p /nsm/repo
+		mkdir -p /opt/so/conf/reposync/cache
+		#if [[ $is_rocky ]]; then
+		#	echo "https://repo.securityonion.net/file/so-repo/prod/2.4/rocky/9" > /opt/so/conf/reposync/mirror.txt
+		#	echo "https://so-repo-east.s3.us-east-005.backblazeb2.com/prod/2.4/rocky/9" >> /opt/so/conf/reposync/mirror.txt
+		#elif [[ $is_centos ]]; then
+		#	echo "https://repo.securityonion.net/file/so-repo/prod/2.4/centos/9" > /opt/so/conf/reposync/mirror.txt
+		#	echo "https://so-repo-east.s3.us-east-005.backblazeb2.com/prod/2.4/centos/9" >> /opt/so/conf/reposync/mirror.txt
+		#elif [[ $is_rhel ]]; then
+		#	echo "https://repo.securityonion.net/file/so-repo/prod/2.4/rhel/9" > /opt/so/conf/reposync/mirror.txt
+		#	echo "https://so-repo-east.s3.us-east-005.backblazeb2.com/prod/2.4/rhel/9" >> /opt/so/conf/reposync/mirror.txt
+		#fi	
+		echo "https://repo.securityonion.net/file/so-repo/prod/2.4/oracle/9" > /opt/so/conf/reposync/mirror.txt
+		echo "https://so-repo-east.s3.us-east-005.backblazeb2.com/prod/2.4/oracle/9" >> /opt/so/conf/reposync/mirror.txt
+		echo "[main]" > /opt/so/conf/reposync/repodownload.conf
+		echo "gpgcheck=1" >> /opt/so/conf/reposync/repodownload.conf
+		echo "installonly_limit=3" >> /opt/so/conf/reposync/repodownload.conf
+		echo "clean_requirements_on_remove=True" >> /opt/so/conf/reposync/repodownload.conf
+		echo "best=True" >> /opt/so/conf/reposync/repodownload.conf
+		echo "skip_if_unavailable=False" >> /opt/so/conf/reposync/repodownload.conf
+		echo "cachedir=/opt/so/conf/reposync/cache" >> /opt/so/conf/reposync/repodownload.conf
+		echo "keepcache=0" >> /opt/so/conf/reposync/repodownload.conf
+		echo "[securityonionsync]" >> /opt/so/conf/reposync/repodownload.conf
+		echo "name=Security Onion Repo repo" >> /opt/so/conf/reposync/repodownload.conf
+		echo "mirrorlist=file:///opt/so/conf/reposync/mirror.txt" >> /opt/so/conf/reposync/repodownload.conf
+		echo "enabled=1" >> /opt/so/conf/reposync/repodownload.conf
+		echo "gpgcheck=1" >> /opt/so/conf/reposync/repodownload.conf
 	
-	logCmd "dnf repolist"
-	# Make sure we can get to the sig repo
-	# TODO Add if for ISO install
-        curl --retry 5 --retry-delay 60 -A "netinstall/$SOVERSION/$OS/$(uname -r)/1" https://sigs.securityonion.net/checkup --output /tmp/install
-	logCmd "dnf reposync --norepopath -g --delete -m -c /opt/so/conf/reposync/repodownload.conf --repoid=securityonionsync --download-metadata -p /nsm/repo/"
+		logCmd "dnf repolist"
+		# Make sure we can get to the sig repo
+		# TODO Add if for ISO install
+		if [[ ! $is_airgap ]]; then
+        	curl --retry 5 --retry-delay 60 -A "netinstall/$SOVERSION/$OS/$(uname -r)/1" https://sigs.securityonion.net/checkup --output /tmp/install
+		fi
+		logCmd "dnf reposync --norepopath -g --delete -m -c /opt/so/conf/reposync/repodownload.conf --repoid=securityonionsync --download-metadata -p /nsm/repo/"

 	# After the download is complete run createrepo
 	create_repo
-
+	else
+		# Add the proper repos
+		echo "Adding Repos"
+		if [[ $is_rpm ]]; then
+			dnf -y install epel-release
+			dnf install -y yum-utils device-mapper-persistent-data lvm2
+			rpm --import https://repo.saltproject.io/salt/py3/redhat/9/x86_64/SALT-PROJECT-GPG-PUBKEY-2023.pub
+			if [[ $is_rhel ]]; then
+				dnf config-manager --add-repo https://download.docker.com/linux/rhel/docker-ce.repo
+				curl -fsSL https://repo.saltproject.io/salt/py3/redhat/9/x86_64/minor/3006.1.repo | tee /etc/yum.repos.d/salt.repo
+			else
+				dnf config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo
+				curl -fsSL https://repo.saltproject.io/salt/py3/redhat/9/x86_64/minor/3006.1.repo | tee /etc/yum.repos.d/salt.repo
+			fi
+		else
+			echo "Not sure how you got here."
+			exit 1
+		fi
+	fi
 }

 saltify() {