[feat] Compare setup version to manager, dl tarball + exec on mismatch

setup/so-functions

@@ -518,6 +518,14 @@ check_requirements() {
 	fi
 }
 
+compare_versions() {
+	manager_ver=$(ssh -i /root/.ssh/so.key soremote@"$MSRV" cat /etc/soversion)
+	export manager_ver
+
+	[[ "$manager_ver" == "$SOVERSION" ]]
+	return
+}
+
 configure_network_sensor() {
 	echo "Setting up sensor interface" >> "$setup_log" 2>&1
 	local nic_error=0
@@ -913,6 +921,18 @@ docker_seed_registry() {
 
 }
 
+download_repo_tarball() {
+	scp -i /root/.ssh/so.key soremote@"$MSRV":/opt/so/repo/"$manager_ver".tar.gz /root/new_setup
+	
+	# Fail if the file doesn't download
+	if ! [ -f /root/new_setup/"$manager_ver".tar.gz ]; then
+		kill -SIGUSR1 "$(ps --pid $$ -oppid=)"; exit 1
+	fi
+	
+	tar -xzf /root/new_setup/"$manager_ver".tar.gz -C /root/new_setup/securityonion
+	rm -rf /root/new_setup/"$manager_ver".tar.gz
+}
+
 fireeye_pillar() {
 
 	local fireeye_pillar_path=$local_salt_dir/pillar/fireeye

setup/so-setup

@@ -54,6 +54,10 @@ while [[ $# -gt 0 ]]; do
 	esac
 done
 
+if ! [ -f /root/install_opt ] && [ -d /root/manager_setup/securityonion ] && [[ $(pwd) != /root/manager_setup/securityonion/setup ]]; then
+	exec bash /root/manager_setup/securityonion/setup/so-setup "$@"
+fi
+
 if [[ -f /root/accept_changes ]]; then
 	is_reinstall=true
 
@@ -62,13 +66,16 @@ if [[ -f /root/accept_changes ]]; then
 	mv "$error_log" "$error_log.bak"
 fi
 
-# Begin Installation pre-processing
-parse_install_username
 
-title "Initializing Setup"
-info "Installing as the $INSTALLUSERNAME user"
+if ! [ -f /root/install_opt ]; then
+	# Begin Installation pre-processing
+	parse_install_username
 
-analyze_system
+	title "Initializing Setup"
+	info "Installing as the $INSTALLUSERNAME user"
+
+	analyze_system
+fi
 
 automated=no
 function progress() {
@@ -145,14 +152,18 @@ if [ "$automated" == no ]; then
 	fi
 fi
 
-if (whiptail_you_sure); then
+if ! [ -f /root/install_opt ]; then
+	if (whiptail_you_sure); then
 		true
-else
-	echo "User cancelled setup." | tee $setup_log
+	else
+		echo "User cancelled setup." | tee "$setup_log"
 		whiptail_cancel
-fi
+	fi
 
-whiptail_install_type
+	whiptail_install_type
+else
+	install_type=$(cat /root/install_opt)
+fi
 
 if [ "$install_type" = 'EVAL' ]; then
 	is_node=true
@@ -204,7 +215,6 @@ if [[ "$setup_type" == 'iso' ]]; then
 fi
 
 # Check if this is an airgap install
-
 if [[ $is_manager && $is_iso ]]; then
 	whiptail_airgap
 	if [[ "$INTERWEBS" == 'AIRGAP' ]]; then
@@ -212,19 +222,20 @@ if [[ $is_manager && $is_iso ]]; then
 	fi
 fi
 
-if [[ $is_manager && $is_sensor ]]; then
+if ! [ -f /root/install_opt ]; then
+	if [[ $is_manager && $is_sensor ]]; then
 		check_requirements "standalone"
-elif [[ $is_fleet_standalone ]]; then
+	elif [[ $is_fleet_standalone ]]; then
 		check_requirements "dist" "fleet"
-elif [[ $is_sensor && ! $is_eval ]]; then
+	elif [[ $is_sensor && ! $is_eval ]]; then
 		check_requirements "dist" "sensor"
-elif [[ $is_distmanager || $is_minion ]] && [[ ! $is_import ]]; then
+	elif [[ $is_distmanager || $is_minion ]] && [[ ! $is_import ]]; then
 		check_requirements "dist"
-elif [[ $is_import ]]; then
+	elif [[ $is_import ]]; then
 		check_requirements "import"
-fi
+	fi
 
-case "$setup_type" in
+	case "$setup_type" in
 		'iso')
 			whiptail_set_hostname
 			whiptail_management_nic
@@ -244,22 +255,33 @@ case "$setup_type" in
 			whiptail_set_hostname
 			whiptail_management_nic
 			;;
-esac
+	esac
 
-if [[ $is_minion ]]; then
+	if [[ $is_minion ]]; then
 		whiptail_management_server
-fi
+	fi
 
-whiptail_management_interface_setup
+	whiptail_management_interface_setup
 
-if [[ "$setup_type" == 'iso' ]]; then
+	if [[ "$setup_type" == 'iso' ]]; then
 		# Init networking so rest of install works
 		set_hostname
 		set_management_interface
-fi
+	fi
 
-if [[ $is_minion || $is_import ]]; then
+	if [[ $is_minion ]]; then
 		[ "$automated" == no ] && copy_ssh_key >> $setup_log 2>&1
+	fi
+
+	if [[ $is_minion ]] && ! (compare_versions); then
+		info "Installer version mismatch, downloading correct version from manager"
+		echo "$install_type" > /root/install_opt
+		download_repo_tarball >> "$setup_log" 2>&1
+		exec bash /root/manager_setup/securityonion/setup/so-setup "$@"
+	fi
+
+else
+	rm -rf /root/install_opt >> "$setup_log" 2>&1
 fi
 
 short_name=$(echo "$HOSTNAME" | awk -F. '{print $1}')