Merge pull request #6107 from Security-Onion-Solutions/foxtrot

Manage docker gid and run preflight check during setup
2025-12-06 09:12:45 +01:00 · 2021-11-04 10:07:05 -04:00
parent 9b0ce8b395 fb35ff40b4
commit a4289b7ab9
6 changed files with 78 additions and 14 deletions
--- a/salt/common/init.sls
+++ b/salt/common/init.sls
@@ -9,6 +9,11 @@ rmvariablesfile:
  file.absent:
    - name: /tmp/variables.txt

+dockergroup:
+  group.present:
+    - name: docker
+    - gid: 920
+
 # Add socore Group
 socoregroup:
  group.present:
--- a/salt/salt/minion.sls
+++ b/salt/salt/minion.sls
@@ -87,4 +87,4 @@ salt_minion_service:

 patch_pkg:
  pkg.installed:
-    - name: patch
+    - name: patch
--- a/setup/so-functions
+++ b/setup/so-functions
@@ -1124,9 +1124,10 @@ detect_os() {

 installer_progress_loop() {
 	local i=0
+	local msg="${1:-Performing background actions...}"
 	while true; do
 		[[ $i -lt 98 ]] && ((i++))
-		set_progress_str "$i" 'Checking that all required packages are installed and enabled...' nolog
+		set_progress_str "$i" "$msg" nolog
 		[[ $i -gt 0 ]] && sleep 5s
 	done
 }
--- a/setup/so-preflight
+++ b/setup/so-preflight
@@ -18,7 +18,13 @@
 source ../salt/common/tools/sbin/so-common
 source ./so-functions

-preflight_log='/root/preflight.log'
+script_run="$1"
+
+if [[ $script_run == true ]]; then
+	preflight_log="${2:-'/root/preflight.log'}"
+else
+	preflight_log='/root/preflight.log'
+fi

 check_default_repos() {
 	local ret_code=0
@@ -27,7 +33,7 @@ check_default_repos() {
 	if [[ $OS == 'centos' ]]; then
 		printf '%s' 'yum update.' | tee -a "$preflight_log"
 		echo "" >> "$preflight_log"
-		yum -y update >> $preflight_log 2>&1
+		yum -y check-update >> $preflight_log 2>&1
 		ret_code=$?
 	else
 		printf '%s' 'apt update.' | tee -a "$preflight_log"
@@ -72,7 +78,8 @@ check_new_repos() {
 check_misc_urls() {
 	printf '  Checking various other URLs used by setup.' | tee -a "$preflight_log"

-	local so_version=$(cat ../VERSION)
+	local so_version
+	so_version=$(cat ../VERSION)
 	local url_arr=(
 		"https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/master/KEYS"
 		"https://github.com/Neo23x0/signature-base"
@@ -112,10 +119,18 @@ __check_url_arr() {
 }

 main() {
+	local intro_str="Beginning pre-flight checks."
+	local success_str="Pre-flight checks completed successfully!"
+	local fail_str="Pre-flight checks could not complete."
+
 	detect_os "$preflight_log"

 	[[ -f $preflight_log ]] || touch "$preflight_log"
-	echo "Beginning pre-flight checks." | tee "$preflight_log"
+	if [[ $script_run == true ]]; then
+		echo "$intro_str"
+	else
+		echo "$intro_str" | tee "$preflight_log"
+	fi
 	check_default_repos &&\
 	check_new_repos &&\
 	check_misc_urls
@@ -124,12 +139,23 @@ main() {
 	
 	echo ""
 	if [[ $success == 0 ]]; then
-		echo -e "Pre-flight checks completed successfully!\n" | tee -a "$preflight_log"
+		if [[ $script_run == true ]]; then
+			echo "$success_str"
+		else
+			echo "$success_str" | tee -a "$preflight_log"
+			echo ""
+		fi
 	else
-		echo -e "Pre-flight checks could not complete." | tee -a "$preflight_log"
-		echo -e "  Check $preflight_log for details.\n"
-		exit 1
+		if [[ $script_run == true ]]; then
+			echo "$fail_str"
+		else
+			echo "$fail_str" | tee -a "$preflight_log"
+			echo "Check $preflight_log for details."
+			echo ""
+		fi
 	fi
+
+	exit $success
 }

 main
--- a/setup/so-setup
+++ b/setup/so-setup
@@ -345,9 +345,27 @@ else
 	rm -rf $install_opt_file >> "$setup_log" 2>&1
 fi

+if [[ -z $is_airgap ]]; then
+	percentage=0
+	{
+		installer_progress_loop 'Running preflight checks...' &
+		progress_bg_proc=$!
+		./so-preflight true "$setup_log" >> $setup_log 2>&1
+		preflight_ret=$?
+		echo "$preflight_ret" > /tmp/preflight_ret
+		kill -9 "$progress_bg_proc"
+		wait "$progress_bg_proc" &> /dev/null
+	} | progress '...'
+	[[ -f /tmp/preflight_ret ]] && preflight_ret=$(cat /tmp/preflight_ret)
+	rm /tmp/preflight_ret
+	if [[ -n $preflight_ret && $preflight_ret -gt 0 ]] && ! ( whiptail_preflight_err ); then
+		whiptail_cancel
+	fi
+fi
+
 percentage=0
 {
-	installer_progress_loop & # Run progress bar to 98 in ~8 minutes while waiting for package installs
+	installer_progress_loop 'Checking that all required packages are installed and enabled...' & # Run progress bar to 98 in ~8 minutes while waiting for package installs
 	progress_bg_proc=$!
 	installer_prereq_packages
 	install_success=$?
--- a/setup/so-whiptail
+++ b/setup/so-whiptail
@@ -83,8 +83,8 @@ whiptail_bond_nics_mtu() {
 }

 whiptail_cancel() {
-
-	whiptail --title "$whiptail_title" --msgbox "Cancelling Setup." 8 75
+	[ -z "$TESTING" ] && whiptail --title "$whiptail_title" --msgbox "Cancelling Setup." 8 75
+	
 	if [ -d "/root/installtmp" ]; then
 		{
 			echo "/root/installtmp exists";
@@ -95,7 +95,7 @@ whiptail_cancel() {

 	title "User cancelled setup."
 	
-	exit
+	exit 1
 }

 whiptail_check_exitstatus() {
@@ -1489,6 +1489,20 @@ whiptail_patch_schedule_select_hours() {

 }

+whiptail_preflight_err() {
+	[ -n "$TESTING" ] && return 1
+
+	read -r -d '' message <<- EOM
+	The so-preflight script failed checking one or more URLs required by setup. Check $setup_log for more details.
+
+	Would you like to exit setup?
+	EOM
+
+	whiptail --title "$whiptail_title" \
+		--yesno "$message" 11 75 \
+		--yes-button "Continue" --no-button "Exit" --defaultno
+}
+
 whiptail_proxy_ask() {
 	[ -n "$TESTING" ] && return