CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2025-12-06 09:12:45 +01:00
Code Issues Packages Projects Releases Wiki Activity

[refactor][fix] Update reinstall logic

Browse Source 
* Only set reinstall flag if new accept_changes file exists
* Instead of stopping highstate from running, kill all salt processes and remove their configs
* Make end of non-reinstall logs clear in cases where user cancels (and log not rotated)
This commit is contained in:
William Wernert
2020-11-18 12:29:54 -05:00
parent 8a4defcffa
commit ad74b4b3e0
4 changed files with 22 additions and 24 deletions
Download Patch File Download Diff File Expand all files Collapse all files

17
setup/so-functions
View File

@@ -1382,20 +1382,13 @@ reinstall_init() {
info "Putting system in state to run setup again" info "Putting system in state to run setup again"
{ {
local minion_config=/etc/salt/minion rm -f "$change_file"
# Remove startup_states from minion config so we don't immediately highstate when salt starts back up # Kill any salt processes
if [[ -f $minion_config ]] && grep -q "startup_states" $minion_config; then pkill -9 -ef /usr/bin/salt
sed -i '/startup_states/d' $minion_config
fi
if command -v salt-call &> /dev/null; then # Remove all salt configs
# Disable schedule so highstate doesn't start running during the install rm -rf /etc/salt/global /etc/salt/minion /etc/salt/master /etc/salt/pki/*
salt-call -l info schedule.disable
# Kill any currently running salt jobs, also to prevent issues with highstate.
salt-call -l info saltutil.kill_all_jobs
fi
if command -v docker &> /dev/null; then if command -v docker &> /dev/null; then
# Stop and remove all so-* containers so files can be changed with more safety # Stop and remove all so-* containers so files can be changed with more safety

20
setup/so-setup
View File

@@ -24,19 +24,10 @@ fi
cd "$(dirname "$0")" || exit 255 cd "$(dirname "$0")" || exit 255
source ./so-variables
is_reinstall=false
if [[ -f $setup_log ]]; then
is_reinstall=true
# Move last setup log to backup
mv $setup_log $setup_log.bak
fi
source ./so-functions source ./so-functions
source ./so-common-functions source ./so-common-functions
source ./so-whiptail source ./so-whiptail
source ./so-variables
# Parse command line arguments # Parse command line arguments
setup_type=$1 setup_type=$1
@@ -63,6 +54,13 @@ while [[ $# -gt 0 ]]; do
esac esac
done done
is_reinstall=false
if [[ -f $change_file ]]; then
is_reinstall=true
# Move last setup log to backup
mv "$setup_log" "$setup_log.bak"
fi
# Begin Installation pre-processing # Begin Installation pre-processing
parse_install_username parse_install_username
@@ -320,7 +318,6 @@ if [[ $is_import ]]; then
PLAYBOOK=0 PLAYBOOK=0
fi fi
# Start user prompts # Start user prompts
if [[ $is_helix || $is_sensor ]]; then if [[ $is_helix || $is_sensor ]]; then
@@ -428,6 +425,7 @@ fi
if [[ $is_manager || $is_import ]]; then whiptail_so_allow; fi if [[ $is_manager || $is_import ]]; then whiptail_so_allow; fi
whiptail_make_changes whiptail_make_changes
touch $change_file
# From here on changes will be made. # From here on changes will be made.

3
setup/so-variables
View File

@@ -21,6 +21,9 @@ export node_es_port
setup_log="/root/sosetup.log" setup_log="/root/sosetup.log"
export setup_log export setup_log
change_file="/root/accept_changes"
export change_file
filesystem_root=$(df / | awk '$3 ~ /[0-9]+/ { print $2 * 1000 }') filesystem_root=$(df / | awk '$3 ~ /[0-9]+/ { print $2 * 1000 }')
export filesystem_root export filesystem_root

6
setup/so-whiptail
View File

@@ -168,8 +168,12 @@ whiptail_cancel() {
echo "/root/installtmp removed"; echo "/root/installtmp removed";
} >> $setup_log 2>&1 } >> $setup_log 2>&1
fi fi
exit
echo "----------" >> "$setup_log" 2>&1
info "User cancelled setup, no changes made."
echo "----------" >> "$setup_log" 2>&1
exit
} }
whiptail_check_exitstatus() { whiptail_check_exitstatus() {