Merge branch 'dev' into foxtrot

# Conflicts: # salt/common/tools/sbin/soup
2025-12-20 07:53:06 +01:00 · 2021-03-17 10:23:51 -04:00
parent 129db23062 fbdb627ab7
commit c0163108ab
13 changed files with 198 additions and 88 deletions
--- a/salt/common/tools/sbin/soup
+++ b/salt/common/tools/sbin/soup
@@ -19,13 +19,12 @@

 UPDATE_DIR=/tmp/sogh/securityonion
 INSTALLEDVERSION=$(cat /etc/soversion)
+POSTVERSION=$INSTALLEDVERSION
 INSTALLEDSALTVERSION=$(salt --versions-report | grep Salt: | awk {'print $2'})
 DEFAULT_SALT_DIR=/opt/so/saltstack/default
 BATCHSIZE=5
 SOUP_LOG=/root/soup.log

-exec 3>&1 1>${SOUP_LOG} 2>&1
-
 add_common() {
  cp $UPDATE_DIR/salt/common/tools/sbin/so-common $DEFAULT_SALT_DIR/salt/common/tools/sbin/
  cp $UPDATE_DIR/salt/common/tools/sbin/so-image-common $DEFAULT_SALT_DIR/salt/common/tools/sbin/
@@ -101,19 +100,6 @@ update_registry() {
  salt-call state.apply registry queue=True
 }

-check_airgap() {
-  # See if this is an airgap install
-  AIRGAP=$(cat /opt/so/saltstack/local/pillar/global.sls | grep airgap: | awk '{print $2}')
-  if [[ "$AIRGAP" == "True" ]]; then
-    is_airgap=0
-    UPDATE_DIR=/tmp/soagupdate/SecurityOnion
-    AGDOCKER=/tmp/soagupdate/docker
-    AGREPO=/tmp/soagupdate/Packages
-  else 
-    is_airgap=1
-  fi
-}
-
 check_sudoers() {
 	if grep -q "so-setup" /etc/sudoers; then
 		echo "There is an entry for so-setup in the sudoers file, this can be safely deleted using \"visudo\"."
@@ -243,27 +229,35 @@ masterunlock() {
  fi
 }

-playbook() {
-  echo "Applying playbook settings"
-  if [[ "$INSTALLEDVERSION" =~ rc.1 ]]; then
-    salt-call state.apply playbook.OLD_db_init
-    rm -f /opt/so/rules/elastalert/playbook/*.yaml
-    so-playbook-ruleupdate >> /root/soup_playbook_rule_update.log 2>&1 &
-  fi
-  if [[ "$INSTALLEDVERSION" != 2.3.30 ]]; then
-    so-playbook-sigma-refresh >> /root/soup_playbook_sigma_refresh.log 2>&1 &
-  fi
+preupgrade_changes() {
+    # This function is to add any new pillar items if needed.
+    echo "Checking to see if changes are needed."
+
+    [[ "$INSTALLEDVERSION" =~ rc.1 ]] && rc1_to_rc2
+    [[ "$INSTALLEDVERSION" =~ rc.2 ]] && rc2_to_rc3
+    [[ "$INSTALLEDVERSION" =~ rc.3 ]] && rc3_to_2.3.0
+    [[ "$INSTALLEDVERSION" == 2.3.0 || "$INSTALLEDVERSION" == 2.3.1 || "$INSTALLEDVERSION" == 2.3.2 || "$INSTALLEDVERSION" == 2.3.10 ]] && up_2.3.0_to_2.3.20
+    [[ "$INSTALLEDVERSION" == 2.3.20 || "$INSTALLEDVERSION" == 2.3.21 ]] && up_2.3.2X_to_2.3.30
 }

-pillar_changes() {
-  # This function is to add any new pillar items if needed.
-  echo "Checking to see if pillar changes are needed."
-  
-  [[ "$INSTALLEDVERSION" =~ rc.1 ]] && rc1_to_rc2
-  [[ "$INSTALLEDVERSION" =~ rc.2 ]] && rc2_to_rc3
-  [[ "$INSTALLEDVERSION" =~ rc.3 ]] && rc3_to_2.3.0
-  [[ "$INSTALLEDVERSION" == 2.3.0 || "$INSTALLEDVERSION" == 2.3.1 || "$INSTALLEDVERSION" == 2.3.2 || "$INSTALLEDVERSION" == 2.3.10 ]] && up_2.3.0_to_2.3.20
-  [[ "$INSTALLEDVERSION" == 2.3.20 || "$INSTALLEDVERSION" == 2.3.21 ]] && up_2.3.2X_to_2.3.30
+postupgrade_changes() {
+    # This function is to add any new pillar items if needed.
+    echo "Running post upgrade processes."
+    
+    [[ "$POSTVERSION" =~ rc.1 ]] && post_rc1_to_rc2
+    [[ "$POSTVERSION" == 2.3.20 || "$POSTVERSION" == 2.3.21 ]] && post_2.3.2X_to_2.3.30
+}
+
+post_rc1_to_2.3.21() {
+  salt-call state.apply playbook.OLD_db_init
+  rm -f /opt/so/rules/elastalert/playbook/*.yaml
+  so-playbook-ruleupdate >> /root/soup_playbook_rule_update.log 2>&1 &
+  POSTVERSION=2.3.21
+}
+
+post_2.3.2X_to_2.3.30() {
+  so-playbook-sigma-refresh >> /root/soup_playbook_sigma_refresh.log 2>&1 &
+  POSTVERSION=2.3.30
 }

 rc1_to_rc2() {
@@ -408,16 +402,26 @@ up_2.3.2X_to_2.3.30() {
  check_log_size_limit
 }

-space_check() {
-  # Check to see if there is enough space
+verify_upgradespace() {
  CURRENTSPACE=$(df -BG / | grep -v Avail | awk '{print $4}' | sed 's/.$//')
  if [ "$CURRENTSPACE" -lt "10" ]; then
-    echo "You are low on disk space. Upgrade will try and clean up space.";
-    clean_dockers
+      echo "You are low on disk space."
+      return 1
  else
-    echo "Plenty of space for upgrading"
+      return 0
  fi
-  
+}
+
+upgrade_space() {
+  if ! verify_upgradespace; then
+    clean_dockers
+    if ! verify_upgradespace; then
+      echo "There is not enough space to perform the upgrade. Please free up space and try again"
+      exit 1
+    fi
+  else
+      echo "You have enough space for upgrade. Proceeding with soup."
+  fi  
 }

 thehive_maint() {
@@ -546,6 +550,7 @@ verify_latest_update_script() {
 }

 main () {
+echo "### Preparing soup at `date` ###"
 while getopts ":b" opt; do
  case "$opt" in
    b ) # process option b
@@ -572,6 +577,8 @@ check_airgap
 echo "Found that Security Onion $INSTALLEDVERSION is currently installed."
 echo ""
 set_os
+set_palette
+check_elastic_license
 echo ""
 if [ $is_airgap -eq 0 ]; then
  # Let's mount the ISO since this is airgap
@@ -598,7 +605,7 @@ fi

 echo "Let's see if we need to update Security Onion."
 upgrade_check
-space_check
+upgrade_space

 echo "Checking for Salt Master and Minion updates."
 upgrade_check_salt
@@ -648,8 +655,7 @@ else
  echo ""
 fi

-echo "Making pillar changes."
-pillar_changes
+preupgrade_changes
 echo ""

 if [ $is_airgap -eq 0 ]; then
@@ -703,7 +709,7 @@ echo "Starting Salt Master service."
 systemctl start salt-master
 echo "Running a highstate. This could take several minutes."
 salt-call state.highstate -l info queue=True
-playbook
+postupgrade_changes
 unmount_update
 thehive_maint

@@ -740,6 +746,7 @@ NUM_MINIONS=$(ls /opt/so/saltstack/local/pillar/minions/*_*.sls | wc -l)
 if [ $NUM_MINIONS -gt 1 ]; then

 	cat << EOF
+	
 This appears to be a distributed deployment. Other nodes should update themselves at the next Salt highstate (typically within 15 minutes). Do not manually restart anything until you know that all the search/heavy nodes in your deployment are updated. This is especially important if you are using true clustering for Elasticsearch.

 Each minion is on a random 15 minute check-in period and things like network bandwidth can be a factor in how long the actual upgrade takes. If you have a heavy node on a slow link, it is going to take a while to get the containers to it. Depending on what changes happened between the versions, Elasticsearch might not be able to talk to said heavy node until the update is complete.
@@ -750,7 +757,23 @@ For more information, please see https://docs.securityonion.net/en/2.3/soup.html
 EOF

 fi
-
+echo "### soup has been served at `date` ###"
 }

-main "$@" | tee /dev/fd/3
+cat << EOF
+
+SOUP - Security Onion UPdater
+
+Please review the following for more information about the update process and recent updates:
+https://docs.securityonion.net/soup
+https://blog.securityonion.net
+
+Please note that soup only updates Security Onion components and does NOT update the underlying operating system (OS). When you installed Security Onion, there was an option to automatically update the OS packages. If you did not enable this option, then you will want to ensure that the OS is fully updated before running soup.
+
+Press Enter to continue or Ctrl-C to cancel.
+
+EOF
+
+read input
+
+main "$@" | tee -a $SOUP_LOG