From cbd59ed86a5815d17e6d5205e75f668b9e31f146 Mon Sep 17 00:00:00 2001
From: TOoSmOotH
Date: Mon, 14 Dec 2020 20:46:31 -0500
Subject: [PATCH] SOUP Changes
---
 salt/common/files/daemon.json | 12 +++++++++++
 salt/common/init.sls | 9 ++++++++
 salt/common/tools/sbin/soup | 39 +++++++++++++++++++++++++++++++++++
 salt/docker_clean/init.sls | 2 +-
 setup/so-functions | 1 +
 setup/so-setup | 2 +-
 setup/so-whiptail | 2 +-
 7 files changed, 64 insertions(+), 3 deletions(-)
 create mode 100644 salt/common/files/daemon.json
diff --git a/salt/common/files/daemon.json b/salt/common/files/daemon.json
new file mode 100644
index 000000000..bc047bc80
--- /dev/null
+++ b/salt/common/files/daemon.json
@@ -0,0 +1,12 @@
+{%- set DOCKERRANGE = salt['pillar.get']('docker:range') %}
+{%- set DOCKERBIND = salt['pillar.get']('docker:bip') %}
+{
+ "registry-mirrors": [ "https://:5000" ],
+ "bip": "{{ DOCKERBIND }}",
+ "default-address-pools": [
+ {
+ "base" : "{{ DOCKERRANGE }}",
+ "size" : 24
+ }
+ ]
+}
\ No newline at end of file
diff --git a/salt/common/init.sls b/salt/common/init.sls
index 1192923b7..337103fd9 100644
--- a/salt/common/init.sls
+++ b/salt/common/init.sls
@@ -244,10 +244,19 @@ commonlogrotateconf:
 - dayweek: '*'
 {% endif %}
+# Manager daemon.json
+docker_daemon:
+ file.managed:
+ - source: salt://common/files/daemon.json
+ - name: /etc/docker/daemon.json
+ - template: jinja
+
 # Make sure Docker is always running
 docker:
 service.running:
 - enable: True
+ - watch:
+ - file: docker_daemon
 {% else %}
diff --git a/salt/common/tools/sbin/soup b/salt/common/tools/sbin/soup
index ca840de59..21076ba3d 100755
--- a/salt/common/tools/sbin/soup
+++ b/salt/common/tools/sbin/soup
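Review bot: Both `pillar.get` lookups at the top of salt/common/files/daemon.json have no default, so on a minion whose pillar does not yet carry `docker:range` or `docker:bip` the template renders empty strings for `bip` and `base`, and the `watch` added in salt/common/init.sls then restarts Docker against that file. Passing the same fallbacks soup writes keeps the daemon startable: `salt['pillar.get']('docker:range', '172.17.0.0/24')` and `salt['pillar.get']('docker:bip', '172.17.0.1/24')`. The `registry-mirrors` entry is shown as `https://:5000` with no host, which looks like a dropped template variable; it should name the registry host explicitly so image pulls cannot resolve to an unintended endpoint.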
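Review bot: The `docker_daemon` state in salt/common/init.sls manages /etc/docker/daemon.json without pinning ownership or mode, so a file that already exists keeps whatever permissions it has; because this file decides which registries and networks the daemon trusts, I would add `- user: root`, `- group: root` and `- mode: '0644'` under `file.managed`. The new `- watch:` means every change to the rendered file restarts the Docker service, which deserves a comment above it such as `# daemon.json changes restart Docker`. The enclosing `{% if %}` block starts outside this hunk, so which node roles receive the state cannot be confirmed from here despite the "Manager daemon.json" comment.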
@@ -197,6 +197,7 @@ pillar_changes() {
 [[ "$INSTALLEDVERSION" =~ rc.1 ]] && rc1_to_rc2
 [[ "$INSTALLEDVERSION" =~ rc.2 ]] && rc2_to_rc3
 [[ "$INSTALLEDVERSION" =~ rc.3 ]] && rc3_to_2.3.0
+ [[ "$INSTALLEDVERSION" == 2.3.0 ]] || [[ "$INSTALLEDVERSION" == 2.3.1 ]] || [[ "$INSTALLEDVERSION" == 2.3.2 ]] || [[ "$INSTALLEDVERSION" == 2.3.10 ]] && 2.3.0_to_2.3.20
 }
 rc1_to_rc2() {
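Review bot: The added line in `pillar_changes` chains four `||` tests and then `&&`, which only does the intended thing because the shell gives `&&` and `||` equal precedence and evaluates them left to right; a `case` states the same match without that trap: `case "$INSTALLEDVERSION" in 2.3.0|2.3.1|2.3.2|2.3.10) 2.3.0_to_2.3.20 ;; esac`. As the last command of the function, the chain also makes `pillar_changes` return non-zero whenever the version is not in the list, which matters if the caller checks the status. Any version other than these four exact strings skips the migration silently, so a comment saying why only these are listed would help. The function starts outside this hunk.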
@@ -278,6 +279,44 @@ rc3_to_2.3.0() {
 echo "playbook_admin: $(get_random_value)"
 echo "playbook_automation: $(get_random_value)"
 } >> /opt/so/saltstack/local/pillar/secrets.sls
+
+ INSTALLEDVERSION=2.3.0
+}
+
+2.3.0_to_2.3.20(){
+ # Remove PCAP from global
+ sed '/pcap:/d' /opt/so/saltstack/local/pillar/global.sls
+ sed '/sensor_checkin_interval_ms:/d' /opt/so/saltstack/local/pillar/global.sls
+
+ # Add checking interval to glbal
+ echo "sensoroni:" >> /opt/so/saltstack/local/pillar/global.sls
+ echo " node_checkin_interval_ms: 10000" >> /opt/so/saltstack/local/pillar/global.sls
+
+ # Update pillar fiels for new sensoroni functionality
+ for file in /opt/so/saltstack/local/pillat/minions/*; do
+ echo "sensoroni:" >> $file
+ echo " node_description:" >> $file
+ local SOMEADDRESS=$(cat $file | grep mainip | tail -n 1 | awk '{print $2'})
+ echo " node_address: $SOMEADDRESS" >> $file
+ done
+
+ # Remove old firewall config to reduce confusion
+ rm -f /opt/so/saltstack/default/pillar/firewall/ports.sls
+
+ # Fix daemon.json by managing it
+ echo "docker:" >> /opt/so/saltstack/local/pillar/global.sls
+ DOCKERGREP=$(cat /etc/docker/daemon.json | grep base | awk {'print $3'} | cut -f1 -d"/")
+ if [ -z "$DOCKERGREP" ]; then
+ echo " range: '172.17.0.0/24'" >> /opt/so/saltstack/local/pillar/global.sls
+ echo " bip: '172.17.0.1/24'" >> /opt/so/saltstack/local/pillar/global.sls
+ else
+ DOCKERSTUFF="${DOCKERGREP//\"}"
+ DOCKERSTUFFBIP=$(echo $DOCKERSTUFF | awk -F'.' '{print $1,$2,$3,1}' OFS='.')/24
+ echo " range: '$DOCKERSTUFF'/24" >> /opt/so/saltstack/local/pillar/global.sls
+ echo " bip: '$DOCKERSTUFFBIP'" >> /opt/so/saltstack/local/pillar/global.sls
+
+ fi
+
 }
 space_check() {
diff --git a/salt/docker_clean/init.sls b/salt/docker_clean/init.sls
index 61499cdb5..9c5ce0d17 100644
--- a/salt/docker_clean/init.sls
+++ b/salt/docker_clean/init.sls
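Review bot: Neither `sed` call in `2.3.0_to_2.3.20` modifies global.sls, because without `-i` the filtered text only goes to stdout, so the old `pcap:` and `sensor_checkin_interval_ms:` keys stay in the pillar next to the newly appended ones. The minion loop globs `/opt/so/saltstack/local/pillat/minions/*` (`pillat` instead of `pillar`), so it never reaches a real minion file, and `$file` is unquoted throughout. `echo " range: '$DOCKERSTUFF'/24"` closes the quote before `/24`, which leaves a value in global.sls that YAML parsers reject, so a host with an existing daemon.json would end up with a pillar that fails to render. The `sensoroni:` and `docker:` appends are unconditional, so a second run duplicates those keys; a `grep -q` guard before each append would make the migration repeatable. `rc3_to_2.3.0` begins outside the hunk, and the fence below holds only the lines I would change.

```shell
2.3.0_to_2.3.20(){
  # Remove PCAP from global
  sed -i '/pcap:/d' /opt/so/saltstack/local/pillar/global.sls
  sed -i '/sensor_checkin_interval_ms:/d' /opt/so/saltstack/local/pillar/global.sls

  # … unchanged: append sensoroni / node_checkin_interval_ms to global.sls …

  # Update pillar files for new sensoroni functionality
  for file in /opt/so/saltstack/local/pillar/minions/*; do
    [ -f "$file" ] || continue   # unmatched glob stays literal; skip it
    # … unchanged: the sensoroni / node_description echo lines, now with >> "$file" …
    local SOMEADDRESS
    SOMEADDRESS=$(grep mainip "$file" | tail -n 1 | awk '{print $2}')
    # … unchanged: node_address echo line, now with >> "$file" …
  done

  # … unchanged: remove ports.sls, append docker:, read DOCKERGREP, default branch …
    # keep the existing indentation inside the string; only the quote moves
    echo " range: '$DOCKERSTUFF/24'" >> /opt/so/saltstack/local/pillar/global.sls
  # … unchanged: bip line, fi …
```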
@@ -1,6 +1,6 @@
 {% set IMAGEREPO = salt['pillar.get']('global:imagerepo') %}
 {% set MANAGER = salt['grains.get']('master') %}
-{% set OLDVERSIONS = ['2.0.0-rc.1','2.0.1-rc.1','2.0.2-rc.1','2.0.3-rc.1','2.1.0-rc.2','2.2.0-rc.3','2.3.0','2.3.1']%}
+{% set OLDVERSIONS = ['2.0.0-rc.1','2.0.1-rc.1','2.0.2-rc.1','2.0.3-rc.1','2.1.0-rc.2','2.2.0-rc.3','2.3.0','2.3.1','2.3.2']%}
 {% for VERSION in OLDVERSIONS %}
 remove_images_{{ VERSION }}:
diff --git a/setup/so-functions b/setup/so-functions
index 3ff66be30..83d9525f3 100755
--- a/setup/so-functions
+++ b/setup/so-functions
@@ -898,6 +898,7 @@ docker_registry() {
 echo "Setting up Docker Registry" >> "$setup_log" 2>&1
 mkdir -p /etc/docker >> "$setup_log" 2>&1
+ # This will get applied so docker can attempt to start
 if [ -z "$DOCKERNET" ]; then
 DOCKERNET=172.17.0.0
 fi
diff --git a/setup/so-setup b/setup/so-setup
index 73e66d058..d6566bdd3 100755
--- a/setup/so-setup
+++ b/setup/so-setup
@@ -338,7 +338,6 @@ if [[ $is_helix || $is_sensor || $is_import ]]; then
 fi
 whiptail_homenet_manager
-whiptail_dockernet_check
 if [[ $is_helix || $is_manager || $is_node || $is_import ]]; then
 set_base_heapsizes
@@ -373,6 +372,7 @@ fi
 if [[ $is_manager ]]; then
 whiptail_components_adv_warning
 whiptail_enable_components
+ whiptail_dockernet_check
 fi
 if [[ $is_manager || $is_import ]]; then
diff --git a/setup/so-whiptail b/setup/so-whiptail
index 791cceb76..63acadc90 100755
--- a/setup/so-whiptail
+++ b/setup/so-whiptail
@@ -426,7 +426,7 @@ whiptail_dockernet_net() {
 [ -n "$TESTING" ] && return
 DOCKERNET=$(whiptail --title "Security Onion Setup" --inputbox \
- "\nEnter a /24 network range for docker to use: \nThe same range MUST be used on ALL nodes \n(Default value is pre-populated.)" 10 75 172.17.0.0 3>&1 1>&2 2>&3)
+ "\nEnter a /24 size network range for docker to use WITHOUT the /24 notation: \nThis range will be used on ALL nodes \n(Default value is pre-populated.)" 10 75 172.17.0.0 3>&1 1>&2 2>&3)
 local exitstatus=$?
 whiptail_check_exitstatus $exitstatus
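Review bot: The new prompt in `whiptail_dockernet_net` asks the operator to leave off the `/24`, but nothing visible in this hunk checks the answer before `DOCKERNET` is used, so a value typed as `172.17.0.0/24` would presumably get the suffix appended a second time when the Docker range is written out. A test after `whiptail_check_exitstatus`, for example `[[ "$DOCKERNET" =~ ^([0-9]{1,3}\.){3}[0-9]{1,3}$ ]]` with a re-prompt on failure, would enforce what the text requests instead of relying on the operator. The function starts and ends outside the hunk, so a validation step may already exist further down.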