CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2025-12-06 17:22:49 +01:00
Code Issues Packages Projects Releases Wiki Activity

Add support for image key/sig retries

Browse Source
This commit is contained in:
Jason Ertel
2021-01-29 11:18:06 -05:00
parent 194f480017
commit c055427e40
3 changed files with 16 additions and 9 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
salt/common/tools/sbin/so-common
View File

@@ -228,23 +228,23 @@ retry() {
attempt=0
while [[ $attempt -lt $maxAttempts ]]; do
attempt=$((attempt+1))
info "Executing command with retry support: $cmd"
echo "Executing command with retry support: $cmd"
output=$($cmd)
info "Results: $output"
exitcode=$?
echo "Results: $output ($exitcode)"
if [ -n "$expectedOutput" ]; then
if [[ "$output" =~ "$expectedOutput" ]]; then
return $exitCode
else
info "Expected '$expectedOutput' but got '$output'"
echo "Expected '$expectedOutput' but got '$output'"
fi
elif [[ $exitcode -eq 0 ]]; then
return $exitCode
fi
info "Command failed with exit code $exitcode; will retry in $sleepDelay seconds ($attempt / $maxAttempts)..."
echo "Command failed with exit code $exitcode; will retry in $sleepDelay seconds ($attempt / $maxAttempts)..."
sleep $sleepDelay
done
error "Command continues to fail; giving up."
echo "Command continues to fail; giving up."
return 1
}

11
salt/common/tools/sbin/so-image-common
View File

@@ -127,7 +127,14 @@ update_docker_containers() {
fi
# Let's make sure we have the public key
curl -sSL https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/master/KEYS | gpg --import - >> "$LOG_FILE" 2>&1
retry 50 10 "curl -sSL https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/master/KEYS -o /tmp/sig.key" >> "$LOG_FILE" 2>&1
result=$?
if [[ $result -eq 0 ]]; then
cat /tmp/sig.key | gpg --import - >> "$LOG_FILE" 2>&1
else
echo "Failed to pull signature key file: $result"
exit 1
fi
rm -rf $SIGNPATH >> "$LOG_FILE" 2>&1
mkdir -p $SIGNPATH >> "$LOG_FILE" 2>&1
@@ -146,7 +153,7 @@ update_docker_containers() {
docker pull $CONTAINER_REGISTRY/$IMAGEREPO/$image >> "$LOG_FILE" 2>&1
# Get signature
curl -A "$CURLTYPE/$CURRENTVERSION/$OS/$(uname -r)" https://sigs.securityonion.net/$VERSION/$i:$VERSION$IMAGE_TAG_SUFFIX.sig --output $SIGNPATH/$image.sig >> "$LOG_FILE" 2>&1
retry 50 10 "curl -A '$CURLTYPE/$CURRENTVERSION/$OS/$(uname -r)' https://sigs.securityonion.net/$VERSION/$i:$VERSION$IMAGE_TAG_SUFFIX.sig --output $SIGNPATH/$image.sig" >> "$LOG_FILE" 2>&1
if [[ $? -ne 0 ]]; then
echo "Unable to pull signature file for $image" >> "$LOG_FILE" 2>&1
exit 1

4
setup/so-setup
View File

@@ -652,12 +652,12 @@ set_redirect >> $setup_log 2>&1
if [[ $is_minion ]]; then
set_progress_str 20 'Accepting Salt key on manager'
retry 20 10 accept_salt_key_remote "going to be accepted"
retry 20 10 accept_salt_key_remote "going to be accepted" >> $setup_log 2>&1
fi
if [[ $is_manager || $is_import || $is_helix ]]; then
set_progress_str 20 'Accepting Salt key'
retry 20 10 "salt-key -ya $MINION_ID" "going to be accepted"
retry 20 10 "salt-key -ya $MINION_ID" "going to be accepted" >> $setup_log 2>&1
fi
set_progress_str 21 'Copying minion pillars to manager'