From b14670030349a2747a00ace665568ab5f51ac47b Mon Sep 17 00:00:00 2001 From: William Wernert Date: Tue, 17 Nov 2020 15:36:25 -0500 Subject: [PATCH 1/2] [feat] Remove so-setup permission from sudoers file after iso setup Closes #1701 --- salt/common/tools/sbin/soup | 7 +++++++ setup/so-functions | 4 ++++ 2 files changed, 11 insertions(+) diff --git a/salt/common/tools/sbin/soup b/salt/common/tools/sbin/soup index 0453ea29d..db806a443 100755 --- a/salt/common/tools/sbin/soup +++ b/salt/common/tools/sbin/soup @@ -191,6 +191,7 @@ pillar_changes() { [[ "$INSTALLEDVERSION" =~ rc.1 ]] && rc1_to_rc2 [[ "$INSTALLEDVERSION" =~ rc.2 ]] && rc2_to_rc3 [[ "$INSTALLEDVERSION" =~ rc.3 ]] && rc3_to_2.3.0 + [[ "$INSTALLEDVERSION" =~ 2.3.2 ]] && up_2.3.2_to_2.3.10 } @@ -292,6 +293,12 @@ unmount_update() { umount /tmp/soagupdate } +up_2.3.2_to_2.3.10() { + if grep -q "so-setup" /etc/sudoers; then + echo "[ INFO ] There is an entry for so-setup in the sudoers file, this can be safely deleted using \"visudo\"." + fi +} + update_centos_repo() { # Update the files in the repo echo "Syncing new updates to /nsm/repo" diff --git a/setup/so-functions b/setup/so-functions index bd2c05179..c21f8407a 100755 --- a/setup/so-functions +++ b/setup/so-functions @@ -1019,6 +1019,10 @@ install_cleanup() { # If Mysql is running stop it /usr/sbin/so-mysql-stop + if [[ $install_type == 'iso' ]]; then + info "Removing so-setup permission entry from sudoers file" + sed -i '/so-setup/d' /etc/sudoers + fi } import_registry_docker() { From ee3708a428a9561ac12fa302addd045b32f19c70 Mon Sep 17 00:00:00 2001 From: William Wernert Date: Tue, 17 Nov 2020 15:44:20 -0500 Subject: [PATCH 2/2] [fix] Move sudoers check in soup to correct place + fix styling issue --- salt/common/tools/sbin/soup | 17 +++++++++-------- 1 file changed, 9 insertions(+), 8 deletions(-) diff --git a/salt/common/tools/sbin/soup b/salt/common/tools/sbin/soup index db806a443..42e6c2637 100755 --- a/salt/common/tools/sbin/soup +++ b/salt/common/tools/sbin/soup @@ -114,6 +114,12 @@ check_airgap() { fi } +check_sudoers() { + if grep -q "so-setup" /etc/sudoers; then + echo "There is an entry for so-setup in the sudoers file, this can be safely deleted using \"visudo\"." + fi +} + clean_dockers() { # Place Holder for cleaning up old docker images echo "Trying to clean up old dockers." @@ -191,8 +197,6 @@ pillar_changes() { [[ "$INSTALLEDVERSION" =~ rc.1 ]] && rc1_to_rc2 [[ "$INSTALLEDVERSION" =~ rc.2 ]] && rc2_to_rc3 [[ "$INSTALLEDVERSION" =~ rc.3 ]] && rc3_to_2.3.0 - [[ "$INSTALLEDVERSION" =~ 2.3.2 ]] && up_2.3.2_to_2.3.10 - } rc1_to_rc2() { @@ -293,11 +297,6 @@ unmount_update() { umount /tmp/soagupdate } -up_2.3.2_to_2.3.10() { - if grep -q "so-setup" /etc/sudoers; then - echo "[ INFO ] There is an entry for so-setup in the sudoers file, this can be safely deleted using \"visudo\"." - fi -} update_centos_repo() { # Update the files in the repo @@ -468,7 +467,7 @@ fi echo "Checking if Salt was upgraded." echo "" # Check that Salt was upgraded, should be 3 'salt' packages on a manager node. salt-minion, salt-master and salt or salt-common depending on Ubuntu or CentOS. we could add salt-syndic in the future so checking that there are at least 3 packages -if [[ `rpm -qa | grep salt | grep $NEWSALTVERSION | wc -l` < 3 ]]; then +if [[ $(rpm -qa | grep salt | grep -c $NEWSALTVERSION) -lt 3 ]]; then echo "Salt upgrade failed. Check of indicators of failure in $SOUP_LOG." echo "Once the issue is resolved, run soup again." echo "Exiting." @@ -531,6 +530,8 @@ if [ "$UPGRADESALT" == "1" ]; then echo "" fi +check_sudoers + } main "$@" | tee /dev/fd/3