[feat] Compare setup version to manager, dl tarball + exec on mismatch

setup/so-functions

@@ -518,6 +518,14 @@ check_requirements() {
 	fi
 }
 
+compare_versions() {
+	manager_ver=$(ssh -i /root/.ssh/so.key soremote@"$MSRV" cat /etc/soversion)
+	export manager_ver
+
+	[[ "$manager_ver" == "$SOVERSION" ]]
+	return
+}
+
 configure_network_sensor() {
 	echo "Setting up sensor interface" >> "$setup_log" 2>&1
 	local nic_error=0
@@ -913,6 +921,18 @@ docker_seed_registry() {
 
 }
 
+download_repo_tarball() {
+	scp -i /root/.ssh/so.key soremote@"$MSRV":/opt/so/repo/"$manager_ver".tar.gz /root/new_setup
+	
+	# Fail if the file doesn't download
+	if ! [ -f /root/new_setup/"$manager_ver".tar.gz ]; then
+		kill -SIGUSR1 "$(ps --pid $$ -oppid=)"; exit 1
+	fi
+	
+	tar -xzf /root/new_setup/"$manager_ver".tar.gz -C /root/new_setup/securityonion
+	rm -rf /root/new_setup/"$manager_ver".tar.gz
+}
+
 fireeye_pillar() {
 
 	local fireeye_pillar_path=$local_salt_dir/pillar/fireeye

setup/so-setup

@@ -54,6 +54,10 @@ while [[ $# -gt 0 ]]; do
 	esac
 done
 
+if ! [ -f /root/install_opt ] && [ -d /root/manager_setup/securityonion ] && [[ $(pwd) != /root/manager_setup/securityonion/setup ]]; then
+	exec bash /root/manager_setup/securityonion/setup/so-setup "$@"
+fi
+
 if [[ -f /root/accept_changes ]]; then
 	is_reinstall=true
 
@@ -62,6 +66,8 @@ if [[ -f /root/accept_changes ]]; then
 	mv "$error_log" "$error_log.bak"
 fi
 
+
+if ! [ -f /root/install_opt ]; then
 	# Begin Installation pre-processing
 	parse_install_username
 
@@ -69,6 +75,7 @@ title "Initializing Setup"
 	info "Installing as the $INSTALLUSERNAME user"
 
 	analyze_system
+fi
 
 automated=no
 function progress() {
@@ -145,14 +152,18 @@ if [ "$automated" == no ]; then
 	fi
 fi
 
+if ! [ -f /root/install_opt ]; then
 	if (whiptail_you_sure); then
 		true
 	else
-	echo "User cancelled setup." | tee $setup_log
+		echo "User cancelled setup." | tee "$setup_log"
 		whiptail_cancel
 	fi
 
 	whiptail_install_type
+else
+	install_type=$(cat /root/install_opt)
+fi
 
 if [ "$install_type" = 'EVAL' ]; then
 	is_node=true
@@ -204,7 +215,6 @@ if [[ "$setup_type" == 'iso' ]]; then
 fi
 
 # Check if this is an airgap install
-
 if [[ $is_manager && $is_iso ]]; then
 	whiptail_airgap
 	if [[ "$INTERWEBS" == 'AIRGAP' ]]; then
@@ -212,6 +222,7 @@ if [[ $is_manager && $is_iso ]]; then
 	fi
 fi
 
+if ! [ -f /root/install_opt ]; then
 	if [[ $is_manager && $is_sensor ]]; then
 		check_requirements "standalone"
 	elif [[ $is_fleet_standalone ]]; then
@@ -258,10 +269,21 @@ if [[ "$setup_type" == 'iso' ]]; then
 		set_management_interface
 	fi
 
-if [[ $is_minion || $is_import ]]; then
+	if [[ $is_minion ]]; then
 		[ "$automated" == no ] && copy_ssh_key >> $setup_log 2>&1
 	fi
 
+	if [[ $is_minion ]] && ! (compare_versions); then
+		info "Installer version mismatch, downloading correct version from manager"
+		echo "$install_type" > /root/install_opt
+		download_repo_tarball >> "$setup_log" 2>&1
+		exec bash /root/manager_setup/securityonion/setup/so-setup "$@"
+	fi
+
+else
+	rm -rf /root/install_opt >> "$setup_log" 2>&1
+fi
+
 short_name=$(echo "$HOSTNAME" | awk -F. '{print $1}')
 
 MINION_ID=$(echo "${short_name}_${install_type}" | tr '[:upper:]' '[:lower:]')