From a4cd695cc8da1985ee22876c6814028ecf674103 Mon Sep 17 00:00:00 2001 From: Mike Reeves Date: Thu, 11 May 2023 16:00:07 -0400 Subject: [PATCH 01/14] Airgap Rules Fix --- salt/docker/defaults.yaml | 1 + salt/firewall/defaults.yaml | 8 ++++++++ salt/firewall/soc_firewall.yaml | 3 +++ salt/idstools/etc/rulecat.conf | 2 +- setup/so-functions | 10 ++-------- 5 files changed, 15 insertions(+), 9 deletions(-) diff --git a/salt/docker/defaults.yaml b/salt/docker/defaults.yaml index 55dfc5db5..ad3506737 100644 --- a/salt/docker/defaults.yaml +++ b/salt/docker/defaults.yaml @@ -73,6 +73,7 @@ docker: - 80:80 - 443:443 - 8443:8443 + - 7788:7788 custom_bind_mounts: [] extra_hosts: [] 'so-playbook': diff --git a/salt/firewall/defaults.yaml b/salt/firewall/defaults.yaml index 1526e5504..b3ec4da27 100644 --- a/salt/firewall/defaults.yaml +++ b/salt/firewall/defaults.yaml @@ -94,6 +94,9 @@ firewall: tcp: - 5601 udp: [] + localrules: + tcp: - 7788 + udp: [] mysql: tcp: - 3306 @@ -181,6 +184,7 @@ firewall: - influxdb - elasticsearch_rest - elasticsearch_node + - localrules sensor: portgroups: - beats_5044 @@ -364,6 +368,7 @@ firewall: - elastic_agent_control - elastic_agent_data - elastic_agent_update + - localrules sensor: portgroups: - beats_5044 @@ -501,6 +506,7 @@ firewall: - elastic_agent_control - elastic_agent_data - elastic_agent_update + - localrules sensor: portgroups: - beats_5044 @@ -648,6 +654,7 @@ firewall: - elastic_agent_update - endgame - strelka_frontend + - localrules fleet: portgroups: - elasticsearch_rest @@ -1005,6 +1012,7 @@ firewall: - elasticsearch_rest - elasticsearch_node - elastic_agent_control + - localrules sensor: portgroups: - beats_5044 diff --git a/salt/firewall/soc_firewall.yaml b/salt/firewall/soc_firewall.yaml index 9954c1305..d1db56a0b 100644 --- a/salt/firewall/soc_firewall.yaml +++ b/salt/firewall/soc_firewall.yaml @@ -118,6 +118,9 @@ firewall: kibana: tcp: *tcpsettings udp: *udpsettings + localrules: + tcp: *tcpsettings + udp: *udpsettings mysql: tcp: *tcpsettings udp: *udpsettings diff --git a/salt/idstools/etc/rulecat.conf b/salt/idstools/etc/rulecat.conf index fad421243..4ba668026 100644 --- a/salt/idstools/etc/rulecat.conf +++ b/salt/idstools/etc/rulecat.conf @@ -4,7 +4,7 @@ {%- if GLOBALS.airgap is sameas true -%} --merged=/opt/so/rules/nids/all.rules --local=/opt/so/rules/nids/local.rules -{%- if GLOBAL.md_engine == "SURICATA" %} +{%- if GLOBALS.md_engine == "SURICATA" %} --local=/opt/so/rules/nids/sorules/extraction.rules --local=/opt/so/rules/nids/sorules/filters.rules {%- endif %} diff --git a/setup/so-functions b/setup/so-functions index 86a56abd8..ee2d6f81b 100755 --- a/setup/so-functions +++ b/setup/so-functions @@ -37,14 +37,8 @@ logCmd() { airgap_rules() { # Copy the rules for suricata if using Airgap - mkdir -p /nsm/repo/rules - cp -v /root/SecurityOnion/agrules/emerging-all.rules /nsm/repo/rules/ - - # Copy over sigma rules - cp -Rv /root/SecurityOnion/agrules/sigma /nsm/repo/rules/ - - # Don't leave Strelka out - cp -Rv /root/SecurityOnion/agrules/strelka /nsm/repo/rules/ + mkdir -p /nsm/rules + cp -Rv /root/SecurityOnion/agrules/* /nsm/rules/ } add_admin_user() { From 64e294ef48dc17f985cfd71a00e20e15629258b5 Mon Sep 17 00:00:00 2001 From: Mike Reeves Date: Thu, 11 May 2023 16:02:58 -0400 Subject: [PATCH 02/14] Fix verify so copying sigma rules isnt fail --- setup/so-verify | 1 + 1 file changed, 1 insertion(+) diff --git a/setup/so-verify b/setup/so-verify index a89e24120..3c3724e9d 100755 --- a/setup/so-verify +++ b/setup/so-verify @@ -48,6 +48,7 @@ log_has_errors() { grep -vE "code: 100" | \ grep -vE "/tmp/__salt.tmp." | \ grep -vE "retcode: 126" | \ + grep -vE "/nsm/repo/rules/sigma/rules*" | \ grep -vE "Running scope as unit" &> "$error_log" if [[ $? -eq 0 ]]; then From dbd4a5bd98086e9ea23a7530ded2e8b96e96f28d Mon Sep 17 00:00:00 2001 From: Josh Brower Date: Fri, 12 May 2023 12:11:28 -0400 Subject: [PATCH 03/14] Refactor wrapper --- .../so-elastic-agent-gen-installers | 40 ++++++++++--------- 1 file changed, 21 insertions(+), 19 deletions(-) diff --git a/salt/elasticfleet/tools/sbin_jinja/so-elastic-agent-gen-installers b/salt/elasticfleet/tools/sbin_jinja/so-elastic-agent-gen-installers index 44c352352..7a48f8672 100755 --- a/salt/elasticfleet/tools/sbin_jinja/so-elastic-agent-gen-installers +++ b/salt/elasticfleet/tools/sbin_jinja/so-elastic-agent-gen-installers @@ -4,20 +4,17 @@ # or more contributor license agreements. Licensed under the Elastic License 2.0; you may not use # this file except in compliance with the Elastic License 2.0. -#so-elastic-agent-gen-installers $FleetHost $EnrollmentToken +#so-elastic-agent-gen-installers $FleetHostURLs $EnrollmentToken {% from 'vars/globals.map.jinja' import GLOBALS %} . /usr/sbin/so-common ENROLLMENTOKEN=$(curl -K /opt/so/conf/elasticsearch/curl.config -L "localhost:5601/api/fleet/enrollment_api_keys" -H 'kbn-xsrf: true' -H 'Content-Type: application/json' | jq .list | jq -r -c '.[] | select(.policy_id | contains("endpoints")) | .api_key') +FLEETHOST=$(curl -K /opt/so/conf/elasticsearch/curl.config 'http://localhost:5601/api/fleet/fleet_server_hosts' | jq -r '.items[].host_urls[]' | paste -sd ',') +OSARCH=( "linux-x86_64" "windows-x86_64" "darwin-x86_64" "darwin-aarch64" ) -#FLEETHOST=$(lookup_pillar "server:url" "elasticfleet") -FLEETHOST="{{ GLOBALS.manager_ip }}" - -#FLEETHOST=$1 -#ENROLLMENTOKEN=$2 -TARGETOS=( "linux" "darwin" "windows" ) +if [[ -z $FLEETHOST ]] || [[ -z $ENROLLMENTOKEN ]]; then printf "\nFleet Host URL or Enrollment Token empty - exiting..." && exit; fi printf "\n### Get rid of any previous runs\n" rm -rf /tmp/elastic-agent-workspace @@ -25,31 +22,36 @@ mkdir -p /tmp/elastic-agent-workspace printf "\n### Extract outer tarball and then each individual tarball/zip\n" tar -xf /nsm/elastic-fleet/artifacts/elastic-agent_SO-{{ GLOBALS.so_version }}.tar.gz -C /tmp/elastic-agent-workspace/ -unzip /tmp/elastic-agent-workspace/elastic-agent-*.zip -d /tmp/elastic-agent-workspace/ +unzip -q /tmp/elastic-agent-workspace/elastic-agent-*.zip -d /tmp/elastic-agent-workspace/ for archive in /tmp/elastic-agent-workspace/*.tar.gz -do +do + printf "\nExtracting $archive..." tar xf "$archive" -C /tmp/elastic-agent-workspace/ done -printf "\n### Strip out unused components" +printf "\n\n### Strip out unused components" find /tmp/elastic-agent-workspace/elastic-agent-*/data/elastic-agent-*/components -regex '.*fleet.*\|.*packet.*\|.*apm*.*\|.*audit.*\|.*heart.*\|.*cloud.*' -delete -printf "\n### Tar everything up again" -for OS in "${TARGETOS[@]}" +printf "\n\n### Tar everything up again" +for OS in "${OSARCH[@]}" do + printf "\nCreating tarball for $OS..." rm -rf /tmp/elastic-agent-workspace/elastic-agent - mv /tmp/elastic-agent-workspace/elastic-agent-*-$OS-x86_64 /tmp/elastic-agent-workspace/elastic-agent - tar -czvf /tmp/elastic-agent-workspace/$OS.tar.gz -C /tmp/elastic-agent-workspace elastic-agent + mv /tmp/elastic-agent-workspace/elastic-agent-*-$OS /tmp/elastic-agent-workspace/elastic-agent + tar -czf /tmp/elastic-agent-workspace/$OS.tar.gz -C /tmp/elastic-agent-workspace elastic-agent done +GOTARGETOS=( "linux" "windows" "darwin" "darwin/arm64" ) +GOARCH="amd64" printf "\n### Generate OS packages using the cleaned up tarballs" -for OS in "${TARGETOS[@]}" +for GOOS in "${GOTARGETOS[@]}" do - printf "\n\n### Generating $OS Installer...\n" - docker run -e CGO_ENABLED=0 -e GOOS=$OS \ + if [[ $GOOS == 'darwin/arm64' ]]; then GOOS="darwin" && GOARCH="arm64"; fi + printf "\n\n### Generating $GOOS/$GOARCH Installer...\n" + docker run -e CGO_ENABLED=0 -e GOOS=$GOOS -e GOARCH=$GOARCH \ --mount type=bind,source=/etc/ssl/certs/,target=/workspace/files/cert/ \ --mount type=bind,source=/tmp/elastic-agent-workspace/,target=/workspace/files/elastic-agent/ \ --mount type=bind,source=/opt/so/saltstack/local/salt/elasticfleet/files/so_agent-installers/,target=/output/ \ - {{ GLOBALS.registry_host }}:5000/{{ GLOBALS.image_repo }}/so-elastic-agent-builder:{{ GLOBALS.so_version }} go build -ldflags "-X main.fleetHost=$FLEETHOST -X main.enrollmentToken=$ENROLLMENTOKEN" -o /output/so-elastic-agent_$OS - printf "\n### $OS Installer Generated...\n" + {{ GLOBALS.registry_host }}:5000/{{ GLOBALS.image_repo }}/so-elastic-agent-builder:{{ GLOBALS.so_version }} go build -ldflags "-X main.fleetHostURLsList=$FLEETHOST -X main.enrollmentToken=$ENROLLMENTOKEN" -o /output/so-elastic-agent_${GOOS}_${GOARCH} + printf "\n### $GOOS/$GOARCH Installer Generated...\n" done From 64726af69c07e0bea5909224dcb2dce6c8440440 Mon Sep 17 00:00:00 2001 From: Josh Brower Date: Mon, 15 May 2023 12:09:16 -0400 Subject: [PATCH 04/14] Change from tmp --- .../so-elastic-agent-gen-installers | 36 ++++++++++--------- 1 file changed, 19 insertions(+), 17 deletions(-) diff --git a/salt/elasticfleet/tools/sbin_jinja/so-elastic-agent-gen-installers b/salt/elasticfleet/tools/sbin_jinja/so-elastic-agent-gen-installers index 7a48f8672..768862925 100755 --- a/salt/elasticfleet/tools/sbin_jinja/so-elastic-agent-gen-installers +++ b/salt/elasticfleet/tools/sbin_jinja/so-elastic-agent-gen-installers @@ -16,42 +16,44 @@ OSARCH=( "linux-x86_64" "windows-x86_64" "darwin-x86_64" "darwin-aarch64" ) if [[ -z $FLEETHOST ]] || [[ -z $ENROLLMENTOKEN ]]; then printf "\nFleet Host URL or Enrollment Token empty - exiting..." && exit; fi -printf "\n### Get rid of any previous runs\n" -rm -rf /tmp/elastic-agent-workspace -mkdir -p /tmp/elastic-agent-workspace +printf "\n### Creating a temp directory at /nsm/elastic-agent-workspace\n" +rm -rf /nsm/elastic-agent-workspace +mkdir -p /nsm/elastic-agent-workspace -printf "\n### Extract outer tarball and then each individual tarball/zip\n" -tar -xf /nsm/elastic-fleet/artifacts/elastic-agent_SO-{{ GLOBALS.so_version }}.tar.gz -C /tmp/elastic-agent-workspace/ -unzip -q /tmp/elastic-agent-workspace/elastic-agent-*.zip -d /tmp/elastic-agent-workspace/ -for archive in /tmp/elastic-agent-workspace/*.tar.gz +printf "\n### Extracting outer tarball and then each individual tarball/zip\n" +tar -xf /nsm/elastic-fleet/artifacts/elastic-agent_SO-{{ GLOBALS.so_version }}.tar.gz -C /nsm/elastic-agent-workspace/ +unzip -q /nsm/elastic-agent-workspace/elastic-agent-*.zip -d /nsm/elastic-agent-workspace/ +for archive in /nsm/elastic-agent-workspace/*.tar.gz do printf "\nExtracting $archive..." - tar xf "$archive" -C /tmp/elastic-agent-workspace/ + tar xf "$archive" -C /nsm/elastic-agent-workspace/ done -printf "\n\n### Strip out unused components" -find /tmp/elastic-agent-workspace/elastic-agent-*/data/elastic-agent-*/components -regex '.*fleet.*\|.*packet.*\|.*apm*.*\|.*audit.*\|.*heart.*\|.*cloud.*' -delete +printf "\n### Stripping out unused components" +find /nsm/elastic-agent-workspace/elastic-agent-*/data/elastic-agent-*/components -regex '.*fleet.*\|.*packet.*\|.*apm*.*\|.*audit.*\|.*heart.*\|.*cloud.*' -delete -printf "\n\n### Tar everything up again" +printf "\n### Tarring everything up again" for OS in "${OSARCH[@]}" do printf "\nCreating tarball for $OS..." - rm -rf /tmp/elastic-agent-workspace/elastic-agent - mv /tmp/elastic-agent-workspace/elastic-agent-*-$OS /tmp/elastic-agent-workspace/elastic-agent - tar -czf /tmp/elastic-agent-workspace/$OS.tar.gz -C /tmp/elastic-agent-workspace elastic-agent + rm -rf /nsm/elastic-agent-workspace/elastic-agent + mv /nsm/elastic-agent-workspace/elastic-agent-*-$OS /nsm/elastic-agent-workspace/elastic-agent + tar -czf /nsm/elastic-agent-workspace/$OS.tar.gz -C /nsm/elastic-agent-workspace elastic-agent done GOTARGETOS=( "linux" "windows" "darwin" "darwin/arm64" ) GOARCH="amd64" -printf "\n### Generate OS packages using the cleaned up tarballs" -for GOOS in "${GOTARGETOS[@]}" +printf "\n### Generating OS packages using the cleaned up tarballs"for GOOS in "${GOTARGETOS[@]}" do if [[ $GOOS == 'darwin/arm64' ]]; then GOOS="darwin" && GOARCH="arm64"; fi printf "\n\n### Generating $GOOS/$GOARCH Installer...\n" docker run -e CGO_ENABLED=0 -e GOOS=$GOOS -e GOARCH=$GOARCH \ --mount type=bind,source=/etc/ssl/certs/,target=/workspace/files/cert/ \ - --mount type=bind,source=/tmp/elastic-agent-workspace/,target=/workspace/files/elastic-agent/ \ + --mount type=bind,source=/nsm/elastic-agent-workspace/,target=/workspace/files/elastic-agent/ \ --mount type=bind,source=/opt/so/saltstack/local/salt/elasticfleet/files/so_agent-installers/,target=/output/ \ {{ GLOBALS.registry_host }}:5000/{{ GLOBALS.image_repo }}/so-elastic-agent-builder:{{ GLOBALS.so_version }} go build -ldflags "-X main.fleetHostURLsList=$FLEETHOST -X main.enrollmentToken=$ENROLLMENTOKEN" -o /output/so-elastic-agent_${GOOS}_${GOARCH} printf "\n### $GOOS/$GOARCH Installer Generated...\n" done + +printf "\n### Cleaning up temp files in /nsm/elastic-agent-workspace" +rm -rf /nsm/elastic-agent-workspace \ No newline at end of file From 576c1d7cc1547681ef77b6b31e34f749901145fc Mon Sep 17 00:00:00 2001 From: Josh Brower Date: Mon, 15 May 2023 14:55:43 -0400 Subject: [PATCH 05/14] Add retry --- .../sbin_jinja/so-elastic-agent-gen-installers | 16 +++++++++------- 1 file changed, 9 insertions(+), 7 deletions(-) diff --git a/salt/elasticfleet/tools/sbin_jinja/so-elastic-agent-gen-installers b/salt/elasticfleet/tools/sbin_jinja/so-elastic-agent-gen-installers index 414548529..297f35a38 100755 --- a/salt/elasticfleet/tools/sbin_jinja/so-elastic-agent-gen-installers +++ b/salt/elasticfleet/tools/sbin_jinja/so-elastic-agent-gen-installers @@ -10,12 +10,16 @@ . /usr/sbin/so-common -ENROLLMENTOKEN=$(curl -K /opt/so/conf/elasticsearch/curl.config -L "localhost:5601/api/fleet/enrollment_api_keys" -H 'kbn-xsrf: true' -H 'Content-Type: application/json' | jq .list | jq -r -c '.[] | select(.policy_id | contains("endpoints")) | .api_key') -FLEETHOST=$(curl -K /opt/so/conf/elasticsearch/curl.config 'http://localhost:5601/api/fleet/fleet_server_hosts' | jq -r '.items[].host_urls[]' | paste -sd ',') -OSARCH=( "linux-x86_64" "windows-x86_64" "darwin-x86_64" "darwin-aarch64" ) - +for i in {1..30} +do + ENROLLMENTOKEN=$(curl -K /opt/so/conf/elasticsearch/curl.config -L "localhost:5601/api/fleet/enrollment_api_keys" -H 'kbn-xsrf: true' -H 'Content-Type: application/json' | jq .list | jq -r -c '.[] | select(.policy_id | contains("endpoints")) | .api_key') + FLEETHOST=$(curl -K /opt/so/conf/elasticsearch/curl.config 'http://localhost:5601/api/fleet/fleet_server_hosts' | jq -r '.items[].host_urls[]' | paste -sd ',') +if [[ $FLEETHOST ]] && [[ $ENROLLMENTOKEN ]]; then break; else sleep 10; fi +done if [[ -z $FLEETHOST ]] || [[ -z $ENROLLMENTOKEN ]]; then printf "\nFleet Host URL or Enrollment Token empty - exiting..." && exit; fi +OSARCH=( "linux-x86_64" "windows-x86_64" "darwin-x86_64" "darwin-aarch64" ) + printf "\n### Creating a temp directory at /nsm/elastic-agent-workspace\n" rm -rf /nsm/elastic-agent-workspace mkdir -p /nsm/elastic-agent-workspace @@ -33,7 +37,6 @@ printf "\n### Stripping out unused components" find /nsm/elastic-agent-workspace/elastic-agent-*/data/elastic-agent-*/components -regex '.*fleet.*\|.*packet.*\|.*apm*.*\|.*audit.*\|.*heart.*\|.*cloud.*' -delete printf "\n### Tarring everything up again" - for OS in "${OSARCH[@]}" do printf "\nCreating tarball for $OS..." @@ -45,7 +48,6 @@ done GOTARGETOS=( "linux" "windows" "darwin" "darwin/arm64" ) GOARCH="amd64" printf "\n### Generating OS packages using the cleaned up tarballs"for GOOS in "${GOTARGETOS[@]}" - do if [[ $GOOS == 'darwin/arm64' ]]; then GOOS="darwin" && GOARCH="arm64"; fi printf "\n\n### Generating $GOOS/$GOARCH Installer...\n" @@ -58,4 +60,4 @@ do done printf "\n### Cleaning up temp files in /nsm/elastic-agent-workspace" -rm -rf /nsm/elastic-agent-workspace +rm -rf /nsm/elastic-agent-workspace \ No newline at end of file From b3528b21390fade69c9229033eecad16e59c14ab Mon Sep 17 00:00:00 2001 From: Josh Brower Date: Mon, 15 May 2023 15:18:49 -0400 Subject: [PATCH 06/14] Fix path --- setup/so-functions | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/setup/so-functions b/setup/so-functions index a0dbe2ffc..14830b6a2 100755 --- a/setup/so-functions +++ b/setup/so-functions @@ -973,7 +973,7 @@ download_elastic_agent_artifacts() { else logCmd "mkdir -p /nsm/elastic-fleet/artifacts/beats/elastic-agent/" logCmd "curl --retry 5 --retry-delay 60 https://repo.securityonion.net/file/so-repo/prod/2.4/elasticagent/elastic-agent_SO-$SOVERSION.tar.gz --output /nsm/elastic-fleet/artifacts/elastic-agent_SO-$SOVERSION.tar.gz" - logCmd "tar -xf /nsm/elastic-fleet/artifacts/beats/elastic-agent_SO-$SOVERSION.tar.gz -C /nsm/elastic-fleet/artifacts/beats/elastic-agent/" + logCmd "tar -xf /nsm/elastic-fleet/artifacts/elastic-agent_SO-$SOVERSION.tar.gz -C /nsm/elastic-fleet/artifacts/beats/elastic-agent/" fi } From 2fe88a1e663d44102a4fa2c187207fad661736a1 Mon Sep 17 00:00:00 2001 From: Mike Reeves Date: Mon, 15 May 2023 15:33:52 -0400 Subject: [PATCH 07/14] Fix verify so copying sigma rules isnt fail --- setup/so-verify | 1 + 1 file changed, 1 insertion(+) diff --git a/setup/so-verify b/setup/so-verify index 7345ae4ab..62e15b7d4 100755 --- a/setup/so-verify +++ b/setup/so-verify @@ -44,6 +44,7 @@ log_has_errors() { grep -vE "Exception in callback None" | \ grep -vE "deprecation: ERROR" | \ grep -vE "code: 100" | \ + grep -vE "/nsm/repo/rules/sigma/rules*" | \ grep -vE "Running scope as unit" &> "$error_log" if [[ $? -eq 0 ]]; then From 40de01e8c422468f510e856296ba4c2a7568305f Mon Sep 17 00:00:00 2001 From: Josh Brower Date: Mon, 15 May 2023 15:56:21 -0400 Subject: [PATCH 08/14] Temp fix --- .../tools/sbin_jinja/so-elastic-agent-gen-installers | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/salt/elasticfleet/tools/sbin_jinja/so-elastic-agent-gen-installers b/salt/elasticfleet/tools/sbin_jinja/so-elastic-agent-gen-installers index 297f35a38..d8d4bad2c 100755 --- a/salt/elasticfleet/tools/sbin_jinja/so-elastic-agent-gen-installers +++ b/salt/elasticfleet/tools/sbin_jinja/so-elastic-agent-gen-installers @@ -10,10 +10,12 @@ . /usr/sbin/so-common +FLEETHOST="https://:{{ GLOBALS.manager_ip }}:8220" + for i in {1..30} do ENROLLMENTOKEN=$(curl -K /opt/so/conf/elasticsearch/curl.config -L "localhost:5601/api/fleet/enrollment_api_keys" -H 'kbn-xsrf: true' -H 'Content-Type: application/json' | jq .list | jq -r -c '.[] | select(.policy_id | contains("endpoints")) | .api_key') - FLEETHOST=$(curl -K /opt/so/conf/elasticsearch/curl.config 'http://localhost:5601/api/fleet/fleet_server_hosts' | jq -r '.items[].host_urls[]' | paste -sd ',') + #FLEETHOST=$(curl -K /opt/so/conf/elasticsearch/curl.config 'http://localhost:5601/api/fleet/fleet_server_hosts' | jq -r '.items[].host_urls[]' | paste -sd ',') if [[ $FLEETHOST ]] && [[ $ENROLLMENTOKEN ]]; then break; else sleep 10; fi done if [[ -z $FLEETHOST ]] || [[ -z $ENROLLMENTOKEN ]]; then printf "\nFleet Host URL or Enrollment Token empty - exiting..." && exit; fi From 58f80120bd8b7ddff5045ff56d3149662b1337ee Mon Sep 17 00:00:00 2001 From: Jason Ertel Date: Mon, 15 May 2023 18:58:04 -0400 Subject: [PATCH 09/14] ISO tests also use DHCP --- setup/so-setup | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/setup/so-setup b/setup/so-setup index 879a3c4d1..1e93decde 100755 --- a/setup/so-setup +++ b/setup/so-setup @@ -202,12 +202,13 @@ if [ -n "$test_profile" ]; then MINION_CIDR=10.0.0.0/8 MSRV=manager - if [[ "$test_profile" =~ "-net" ]]; then + if [[ "$test_profile" =~ "-net" ] || [ "$test_profile" =~ "-iso" ]]; then address_type=DHCP elif [[ "$test_profile" =~ "-cloud" ]]; then MSRVIP=10.99.1.20 elif [[ "$test_profile" =~ "-airgap" ]]; then is_airgap=true + address_type=DHCP fi if [ -f "/root/public_ip" ]; then From 9f879164ecbe53b6367ca8691f6a1f35df0fa50c Mon Sep 17 00:00:00 2001 From: Josh Brower Date: Tue, 16 May 2023 06:45:17 -0400 Subject: [PATCH 10/14] Fix broken loop --- .../tools/sbin_jinja/so-elastic-agent-gen-installers | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/salt/elasticfleet/tools/sbin_jinja/so-elastic-agent-gen-installers b/salt/elasticfleet/tools/sbin_jinja/so-elastic-agent-gen-installers index d8d4bad2c..d4a7d3b21 100755 --- a/salt/elasticfleet/tools/sbin_jinja/so-elastic-agent-gen-installers +++ b/salt/elasticfleet/tools/sbin_jinja/so-elastic-agent-gen-installers @@ -49,7 +49,8 @@ done GOTARGETOS=( "linux" "windows" "darwin" "darwin/arm64" ) GOARCH="amd64" -printf "\n### Generating OS packages using the cleaned up tarballs"for GOOS in "${GOTARGETOS[@]}" +printf "\n### Generating OS packages using the cleaned up tarballs" +for GOOS in "${GOTARGETOS[@]}" do if [[ $GOOS == 'darwin/arm64' ]]; then GOOS="darwin" && GOARCH="arm64"; fi printf "\n\n### Generating $GOOS/$GOARCH Installer...\n" From 0f6d89432229f16861cba5fff97bd0c41cff058f Mon Sep 17 00:00:00 2001 From: Jason Ertel Date: Tue, 16 May 2023 07:22:17 -0400 Subject: [PATCH 11/14] missing braces --- setup/so-setup | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/setup/so-setup b/setup/so-setup index 1e93decde..3d5c24fc2 100755 --- a/setup/so-setup +++ b/setup/so-setup @@ -202,7 +202,7 @@ if [ -n "$test_profile" ]; then MINION_CIDR=10.0.0.0/8 MSRV=manager - if [[ "$test_profile" =~ "-net" ] || [ "$test_profile" =~ "-iso" ]]; then + if [[ "$test_profile" =~ "-net" ]] || [[ "$test_profile" =~ "-iso" ]]; then address_type=DHCP elif [[ "$test_profile" =~ "-cloud" ]]; then MSRVIP=10.99.1.20 From 923de356e11e7b8ba3196cf7e31c10d6a37bb4a1 Mon Sep 17 00:00:00 2001 From: Josh Brower Date: Tue, 16 May 2023 08:06:31 -0400 Subject: [PATCH 12/14] Fix typos --- salt/elasticfleet/install_agent_grid.sls | 2 +- .../tools/sbin_jinja/so-elastic-agent-gen-installers | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/salt/elasticfleet/install_agent_grid.sls b/salt/elasticfleet/install_agent_grid.sls index bacede812..00a74437e 100644 --- a/salt/elasticfleet/install_agent_grid.sls +++ b/salt/elasticfleet/install_agent_grid.sls @@ -9,7 +9,7 @@ run_installer: cmd.script: - - name: salt://elasticfleet/files/so_agent-installers/so-elastic-agent_linux + - name: salt://elasticfleet/files/so_agent-installers/so-elastic-agent_linux_amd64 - cwd: /opt/so - args: -token={{ GRIDNODETOKEN }} diff --git a/salt/elasticfleet/tools/sbin_jinja/so-elastic-agent-gen-installers b/salt/elasticfleet/tools/sbin_jinja/so-elastic-agent-gen-installers index d4a7d3b21..2dd92d21b 100755 --- a/salt/elasticfleet/tools/sbin_jinja/so-elastic-agent-gen-installers +++ b/salt/elasticfleet/tools/sbin_jinja/so-elastic-agent-gen-installers @@ -10,7 +10,7 @@ . /usr/sbin/so-common -FLEETHOST="https://:{{ GLOBALS.manager_ip }}:8220" +FLEETHOST="https://{{ GLOBALS.manager_ip }}:8220" for i in {1..30} do From fb298224fc2452d2a862e6f96b37fd65be9e56e4 Mon Sep 17 00:00:00 2001 From: Mike Reeves Date: Tue, 16 May 2023 08:17:50 -0400 Subject: [PATCH 13/14] Update defaults.yaml --- salt/firewall/defaults.yaml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/salt/firewall/defaults.yaml b/salt/firewall/defaults.yaml index b3ec4da27..ee54f0c1f 100644 --- a/salt/firewall/defaults.yaml +++ b/salt/firewall/defaults.yaml @@ -95,7 +95,8 @@ firewall: - 5601 udp: [] localrules: - tcp: - 7788 + tcp: + - 7788 udp: [] mysql: tcp: From 00a7beaca2249d14b958191d3c67cace3c9c8bcb Mon Sep 17 00:00:00 2001 From: Jason Ertel Date: Tue, 16 May 2023 08:43:13 -0400 Subject: [PATCH 14/14] ensure automated tests have passwordless sudo --- setup/so-setup | 2 ++ 1 file changed, 2 insertions(+) diff --git a/setup/so-setup b/setup/so-setup index 3d5c24fc2..6051ba742 100755 --- a/setup/so-setup +++ b/setup/so-setup @@ -225,6 +225,8 @@ if [ -n "$test_profile" ]; then WEBUSER=onionuser@somewhere.invalid WEBPASSWD1=0n10nus3r WEBPASSWD2=0n10nus3r + + update_sudoers_for_testing fi # Make sure the setup type is suppoted.