refactor airgap playbook to eliminate dupe code and shrink ISO

2025-12-06 17:22:49 +01:00 · 2025-06-24 09:34:57 -04:00
parent 6fc7c930a6
commit b052a75e64
4 changed files with 13 additions and 15 deletions
--- a/salt/common/tools/sbin/so-common
+++ b/salt/common/tools/sbin/so-common
@@ -99,6 +99,17 @@ add_interface_bond0() {
 	fi
 }

+airgap_playbooks() {
+	SRC_DIR=$1
+	# Copy playbooks if using airgap
+	mkdir -p /nsm/airgap-resources
+	# Purge old airgap playbooks to ensure SO only uses the latest released playbooks
+	rm -fr /nsm/airgap-resources/playbooks
+	logCmd "tar xf $SRC_DIR/airgap-resources/playbooks.tgz -C /nsm/airgap-resources/"
+	logCmd "chown -R socore:socore /nsm/airgap-resources/playbooks"
+	logCmd "git config --global --add safe.directory /nsm/airgap-resources/playbooks"
+}
+
 check_container() {
 	docker ps | grep "$1:" > /dev/null 2>&1
 	return $?
--- a/salt/manager/tools/sbin/soup
+++ b/salt/manager/tools/sbin/soup
@@ -1069,13 +1069,6 @@ update_airgap_rules() {
  rsync -a $UPDATE_DIR/agrules/securityonion-resources/* /nsm/securityonion-resources/
 }

-update_airgap_playbooks() {
-  # Copy the playbooks over to update them for airgap.
-  mkdir -p /nsm/airgap-resources/playbooks
-  chown -R socore:socore /nsm/airgap-resources/playbooks
-  rsync -a --delete --chown=socore:socore $UPDATE_DIR/airgap-resources/playbooks/ /nsm/airgap-resources/playbooks/
-}
-
 update_airgap_repo() {
  # Update the files in the repo
  echo "Syncing new updates to /nsm/repo"
@@ -1426,7 +1419,7 @@ main() {
      echo "Updating Rule Files to the Latest."
      update_airgap_rules
      echo "Updating Playbooks to the Latest."
-      update_airgap_playbooks
+      airgap_playbooks "$UPDATE_DIR"
    fi

    # since we don't run the backup.config_backup state on import we wont snapshot previous version states and pillars
--- a/setup/so-functions
+++ b/setup/so-functions
@@ -56,12 +56,6 @@ airgap_detection_summaries() {
 	logCmd "git config --global --add safe.directory /opt/so/conf/soc/ai_summary_repos/securityonion-resources"
 	logCmd "git -C /opt/so/conf/soc/ai_summary_repos/securityonion-resources checkout generated-summaries-published"
 }
-airgap_playbooks() {
-	# Copy playbooks if using airgap
-	mkdir -p /nsm/airgap-resources/playbooks
-	logCmd "rsync -av --chown=socore:socore /root/SecurityOnion/airgap-resources/playbooks/ /nsm/airgap-resources/playbooks/"
-	logCmd "git config --global --add safe.directory /nsm/airgap-resources/playbooks"
-}

 add_admin_user() {
 	title "Adding $ADMINUSER to the system with sudo rights"
--- a/setup/so-setup
+++ b/setup/so-setup
@@ -771,7 +771,7 @@ if ! [[ -f $install_opt_file ]]; then
 		fi
 		if [[ $is_airgap ]]; then
 			title "Syncing Playbooks"
-			airgap_playbooks
+			airgap_playbooks /root/SecurityOnion
 		fi
 		title "Setting up Kibana Default Space"
 		logCmd "so-kibana-space-defaults"