From b41ba1ea3ce2b951213d6cbd0d178ce6ee4ba66a Mon Sep 17 00:00:00 2001
From: William Wernert
Date: Tue, 8 Dec 2020 15:29:04 -0500
Subject: [PATCH] [feat] Compare setup version to manager, dl tarball + exec on mismatch
---
 setup/so-functions | 20 +++++++
 setup/so-setup | 132 ++++++++++++++++++++++++++-------------------
 2 files changed, 97 insertions(+), 55 deletions(-)
diff --git a/setup/so-functions b/setup/so-functions
index fd7a02858..5375d725c 100755
--- a/setup/so-functions
+++ b/setup/so-functions
@@ -518,6 +518,14 @@ check_requirements() {
 fi
 }
+compare_versions() {
+ manager_ver=$(ssh -i /root/.ssh/so.key soremote@"$MSRV" cat /etc/soversion)
+ export manager_ver
+
+ [[ "$manager_ver" == "$SOVERSION" ]]
+ return
+}
+
 configure_network_sensor() {
 echo "Setting up sensor interface" >> "$setup_log" 2>&1
 local nic_error=0
@@ -913,6 +921,18 @@ docker_seed_registry() {
 }
+download_repo_tarball() {
+ scp -i /root/.ssh/so.key soremote@"$MSRV":/opt/so/repo/"$manager_ver".tar.gz /root/new_setup
+
+ # Fail if the file doesn't download
+ if ! [ -f /root/new_setup/"$manager_ver".tar.gz ]; then
+ kill -SIGUSR1 "$(ps --pid $$ -oppid=)"; exit 1
+ fi
+
+ tar -xzf /root/new_setup/"$manager_ver".tar.gz -C /root/new_setup/securityonion
+ rm -rf /root/new_setup/"$manager_ver".tar.gz
+}
+
 fireeye_pillar() {
 local fireeye_pillar_path=$local_salt_dir/pillar/fireeye
diff --git a/setup/so-setup b/setup/so-setup
index f9ae6fe50..8ea110e96 100755
--- a/setup/so-setup
+++ b/setup/so-setup
@@ -54,6 +54,10 @@ while [[ $# -gt 0 ]]; do
 esac
 done
+if ! [ -f /root/install_opt ] && [ -d /root/manager_setup/securityonion ] && [[ $(pwd) != /root/manager_setup/securityonion/setup ]]; then
+ exec bash /root/manager_setup/securityonion/setup/so-setup "$@"
+fi
+
 if [[ -f /root/accept_changes ]]; then
 is_reinstall=true
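Review bot: In `compare_versions`, a failed `ssh` leaves `manager_ver` empty and the function still returns non-zero, so the caller cannot tell an unreachable manager from a genuine version mismatch and goes on to the download step either way. The value is read straight from the remote `/etc/soversion` and later spliced into file paths by `download_repo_tarball`, so it should be rejected when empty or when it contains a path separator, for example `[[ -n "$manager_ver" && "$manager_ver" != */* ]]`, with setup stopping on failure rather than treating it as a mismatch. The bare `return` after the `[[ ... ]]` test is redundant, and a header comment saying that the function sets and exports `manager_ver` would document the side effect callers rely on.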
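Review bot: `download_repo_tarball` unpacks into `/root/new_setup/securityonion`, but both `exec` lines this patch adds to `setup/so-setup` run `/root/manager_setup/securityonion/setup/so-setup`, so unless something outside this diff links the two paths, the downloaded installer is not the one that gets executed. Nothing in the hunk creates `/root/new_setup` or its `securityonion` subdirectory, so `mkdir -p` on the target directory before the copy would make both the `scp` destination and `tar -C` well defined. Success is judged by `[ -f ... ]` rather than by the exit status of `scp`, so a truncated or leftover archive from an earlier attempt passes; `if ! scp ... ; then` is the tighter test. Because the extracted tree is then run as root, a digest check before extraction would catch a corrupted transfer.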
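Review bot: The `exec` added after the option loop forwards `"$@"`, but it sits below `while [[ $# -gt 0 ]]; do ... done`, which (its body is outside the hunk) normally finishes only once every positional argument has been shifted away, so the manager's copy of so-setup would be started with no arguments; the second `exec` in the `@@ -212,54` hunk has the same problem. Saving the arguments before the loop with `original_args=("$@")` and calling `exec bash /root/manager_setup/securityonion/setup/so-setup "${original_args[@]}"` keeps the original invocation intact. The guard also identifies the running copy by `$(pwd)` rather than by the script's own path, and nothing visible removes `/root/manager_setup`, so a directory left from an earlier install would silently take over a later run; comparing against the resolved path of `$0` and removing the directory at the end of setup would close both gaps.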
@@ -62,13 +66,16 @@ if [[ -f /root/accept_changes ]]; then
 mv "$error_log" "$error_log.bak"
 fi
-# Begin Installation pre-processing
-parse_install_username
-title "Initializing Setup"
-info "Installing as the $INSTALLUSERNAME user"
+if ! [ -f /root/install_opt ]; then
+ # Begin Installation pre-processing
+ parse_install_username
-analyze_system
+ title "Initializing Setup"
+ info "Installing as the $INSTALLUSERNAME user"
+
+ analyze_system
+fi
 automated=no
 function progress() {
@@ -145,14 +152,18 @@ if [ "$automated" == no ]; then
 fi
 fi
-if (whiptail_you_sure); then
- true
-else
- echo "User cancelled setup." | tee $setup_log
- whiptail_cancel
-fi
+if ! [ -f /root/install_opt ]; then
+ if (whiptail_you_sure); then
+ true
+ else
+ echo "User cancelled setup." | tee "$setup_log"
+ whiptail_cancel
+ fi
-whiptail_install_type
+ whiptail_install_type
+else
+ install_type=$(cat /root/install_opt)
+fi
 if [ "$install_type" = 'EVAL' ]; then
 is_node=true
@@ -204,7 +215,6 @@ if [[ "$setup_type" == 'iso' ]]; then
 fi
 # Check if this is an airgap install
-
 if [[ $is_manager && $is_iso ]]; then
 whiptail_airgap
 if [[ "$INTERWEBS" == 'AIRGAP' ]]; then
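Review bot: On the re-run path, when `/root/install_opt` exists, this block is skipped, so `parse_install_username` never runs in the re-executed process and `$INSTALLUSERNAME` is presumably unset for the rest of setup; only `install_type` is carried across the `exec`. The same holds for the prompts wrapped by the same test in the `@@ -212,54` hunk (hostname, management NIC, manager address): whatever shell variables they set do not survive the `exec` unless they are exported or stored alongside `install_opt`. A comment above the `if` listing which values the second pass expects to have, and where each one comes from, would make that contract checkable.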
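Review bot: `install_type=$(cat /root/install_opt)` accepts whatever the marker file holds, and the file's mere presence also skips the `whiptail_you_sure` confirmation. A marker left behind by an interrupted earlier run would therefore send a fresh run down the non-interactive path with a stale or empty install type. Checking the value against the set that `whiptail_install_type` can produce, and stopping with a logged message otherwise, bounds that; a one-line comment noting that `/root/install_opt` is written by the version-mismatch branch later in the script would help the next reader.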
@@ -212,54 +222,66 @@ if [[ $is_manager && $is_iso ]]; then
 fi
 fi
-if [[ $is_manager && $is_sensor ]]; then
- check_requirements "standalone"
-elif [[ $is_fleet_standalone ]]; then
- check_requirements "dist" "fleet"
-elif [[ $is_sensor && ! $is_eval ]]; then
- check_requirements "dist" "sensor"
-elif [[ $is_distmanager || $is_minion ]] && [[ ! $is_import ]]; then
- check_requirements "dist"
-elif [[ $is_import ]]; then
- check_requirements "import"
-fi
+if ! [ -f /root/install_opt ]; then
+ if [[ $is_manager && $is_sensor ]]; then
+ check_requirements "standalone"
+ elif [[ $is_fleet_standalone ]]; then
+ check_requirements "dist" "fleet"
+ elif [[ $is_sensor && ! $is_eval ]]; then
+ check_requirements "dist" "sensor"
+ elif [[ $is_distmanager || $is_minion ]] && [[ ! $is_import ]]; then
+ check_requirements "dist"
+ elif [[ $is_import ]]; then
+ check_requirements "import"
+ fi
-case "$setup_type" in
- 'iso')
- whiptail_set_hostname
- whiptail_management_nic
- whiptail_dhcp_or_static
+ case "$setup_type" in
+ 'iso')
+ whiptail_set_hostname
+ whiptail_management_nic
+ whiptail_dhcp_or_static
- if [ "$address_type" != 'DHCP' ]; then
- whiptail_management_interface_ip
- whiptail_management_interface_mask
- whiptail_management_interface_gateway
- whiptail_management_interface_dns
- whiptail_management_interface_dns_search
- fi
- ;;
- 'network')
- whiptail_network_notice
- whiptail_dhcp_warn
- whiptail_set_hostname
- whiptail_management_nic
- ;;
-esac
+ if [ "$address_type" != 'DHCP' ]; then
+ whiptail_management_interface_ip
+ whiptail_management_interface_mask
+ whiptail_management_interface_gateway
+ whiptail_management_interface_dns
+ whiptail_management_interface_dns_search
+ fi
+ ;;
+ 'network')
+ whiptail_network_notice
+ whiptail_dhcp_warn
+ whiptail_set_hostname
+ whiptail_management_nic
+ ;;
+ esac
-if [[ $is_minion ]]; then
- whiptail_management_server
-fi
+ if [[ $is_minion ]]; then
+ whiptail_management_server
+ fi
-whiptail_management_interface_setup
+ whiptail_management_interface_setup
-if [[ "$setup_type" == 'iso' ]]; then
- # Init networking so rest of install works
- set_hostname
- set_management_interface
-fi
+ if [[ "$setup_type" == 'iso' ]]; then
+ # Init networking so rest of install works
+ set_hostname
+ set_management_interface
+ fi
-if [[ $is_minion || $is_import ]]; then
- [ "$automated" == no ] && copy_ssh_key >> $setup_log 2>&1
+ if [[ $is_minion ]]; then
+ [ "$automated" == no ] && copy_ssh_key >> $setup_log 2>&1
+ fi
+
+ if [[ $is_minion ]] && ! (compare_versions); then
+ info "Installer version mismatch, downloading correct version from manager"
+ echo "$install_type" > /root/install_opt
+ download_repo_tarball >> "$setup_log" 2>&1
+ exec bash /root/manager_setup/securityonion/setup/so-setup "$@"
+ fi
+
+else
+ rm -rf /root/install_opt >> "$setup_log" 2>&1
 fi
 short_name=$(echo "$HOSTNAME" | awk -F. '{print $1}')
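Review bot: `! (compare_versions)` runs the function in a subshell, so the `manager_ver` it assigns and exports never reaches this shell, and unless the variable is set somewhere outside this diff the following `download_repo_tarball` builds its remote and local paths from an empty `$manager_ver`. Calling it without the parentheses, `if [[ $is_minion ]] && ! compare_versions; then`, keeps the assignment in the current shell. `/root/install_opt` is also written before the download, and `download_repo_tarball` can `exit 1`, which leaves the marker in place for the next run; writing it only after the download succeeds avoids that. The `copy_ssh_key` condition drops `$is_import` relative to the removed line, which the commit subject does not mention, so it is worth confirming that import installs no longer need the key.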