Merge pull request #7011 from Security-Onion-Solutions/fix/reinstall

https://github.com/Security-Onion-Solutions/securityonion/issues/7010

salt/ca/remove.sls

@@ -0,0 +1,7 @@
+pki_private_key:
+  file.absent:
+    - name: /etc/pki/ca.key
+
+pki_public_ca_crt:
+  file.absent:
+    - name: /etc/pki/ca.crt

salt/influxdb/init.sls

@@ -84,6 +84,8 @@ wait_for_influxdb:
     - retry:
         attempts: 5
         interval: 60
+    - require:
+      - docker_container: so-influxdb
 
 telegraf_database:
   influxdb_database.present:

salt/ssl/init.sls

@@ -56,17 +56,17 @@ m2cryptopkgs:
 removefbcertdir:
   file.absent:
     - name: /etc/pki/filebeat.crt 
-    - onlyif: "[ -d /etc/pki/filebeat.crt ]"
+    - onlyif: "test -d /etc/pki/filebeat.crt"
 
 removefbp8dir:
   file.absent:
     - name: /etc/pki/filebeat.p8 
-    - onlyif: "[ -d /etc/pki/filebeat.p8 ]"
+    - onlyif: "test -d /etc/pki/filebeat.p8"
 
 removeesp12dir:
   file.absent:
     - name: /etc/pki/elasticsearch.p12
-    - onlyif: "[ -d /etc/pki/elasticsearch.p12 ]"
+    - onlyif: "test -d /etc/pki/elasticsearch.p12"
     
 influxdb_key:
   x509.private_key_managed:

salt/ssl/remove.sls

@@ -0,0 +1,69 @@
+trusttheca:
+  file.absent:
+    - name: /etc/ssl/certs/intca.crt
+
+influxdb_key:
+  file.absent:
+    - name: /etc/pki/influxdb.key
+
+influxdb_crt:
+  file.absent:
+    - name: /etc/pki/influxdb.crt
+
+redis_key:
+  file.absent:
+    - name: /etc/pki/redis.key
+
+redis_crt:
+  file.absent:
+    - name: /etc/pki/redis.crt
+
+etc_filebeat_key:
+  file.absent:
+    - name: /etc/pki/filebeat.key
+
+etc_filebeat_crt:
+  file.absent:
+    - name: /etc/pki/filebeat.crt
+
+filebeatdir:
+  file.absent:
+    - name: /opt/so/saltstack/local/salt/filebeat/files
+
+registry_key:
+  file.absent:
+    - name: /etc/pki/registry.key
+
+registry_crt:
+  file.absent:
+    - name: /etc/pki/registry.crt
+
+/etc/pki/elasticsearch.key:
+  file.absent: []
+
+/etc/pki/elasticsearch.crt:
+  file.absent: []
+
+remove_elasticsearch.p12:
+  file.absent:
+    - name: /etc/pki/elasticsearch.p12
+
+managerssl_key:
+  file.absent:
+    - name: /etc/pki/managerssl.key
+
+managerssl_crt:
+  file.absent:
+    - name: /etc/pki/managerssl.crt
+
+fleet_key:
+  file.absent:
+    - name: /etc/pki/fleet.key
+
+fleet_crt:
+  file.absent:
+    - name: /etc/pki/fleet.crt
+
+fbcertdir:
+  file.absent:
+    - name: /opt/so/conf/filebeat/etc/pki

setup/so-functions

@@ -2049,9 +2049,6 @@ reserve_ports() {
 
 reinstall_init() {
 	info "Putting system in state to run setup again"
-	
-	# remove all of root's cronjobs
-	crontab -r -u root
 
 	if [[ $install_type =~ ^(MANAGER|EVAL|HELIXSENSOR|MANAGERSEARCH|STANDALONE|FLEET|IMPORT)$ ]]; then
 		local salt_services=( "salt-master" "salt-minion" )
@@ -2062,6 +2059,9 @@ reinstall_init() {
 	local service_retry_count=20
 
 	{
+		# remove all of root's cronjobs
+		logCmd "crontab -r -u root"
+
 		if command -v salt-call &> /dev/null && grep -q "master:" /etc/salt/minion 2> /dev/null; then
 			# Disable schedule so highstate doesn't start running during the install
 			salt-call -l info schedule.disable --local
@@ -2091,6 +2091,9 @@ reinstall_init() {
 			done
 		done
 
+		logCmd "salt-call state.apply ca.remove -linfo --local --file-root=../salt"
+		logCmd "salt-call state.apply ssl.remove -linfo --local --file-root=../salt"
+
 		# Remove all salt configs
 		rm -rf /etc/salt/engines/* /etc/salt/grains /etc/salt/master /etc/salt/master.d/* /etc/salt/minion /etc/salt/minion.d/* /etc/salt/pki/* /etc/salt/proxy /etc/salt/proxy.d/* /var/cache/salt/
 
@@ -2122,10 +2125,13 @@ reinstall_init() {
 		remove_package launcher-final
 
 		if [[ $OS == 'ubuntu' ]]; then
+			info "Unholding previously held packages."
 			apt-mark unhold $(apt-mark showhold)
 		fi
 
 	} >> "$setup_log" 2>&1
+
+	info "System reinstall init has been completed."
 }
 
 reset_proxy() {

setup/so-setup

@@ -968,10 +968,11 @@ if [[ $success != 0 ]]; then SO_ERROR=1; fi
 
 # Check entire setup log for errors or unexpected salt states and ensure cron jobs are not reporting errors to root's mailbox
 # Ignore "Status .* was not found" due to output from salt http.query or http.wait_for_successful_query states used with retry
-if grep -E "ERROR|Result: False" $setup_log | grep -qvE "Status .* was not found" || [[ -s /var/spool/mail/root && "$setup_type" == "iso" ]]; then 
+# Uncaught exception, closing connection|Exception in callback None - this is seen during influxdb / http.wait_for_successful_query state for ubuntu reinstall
+if grep -E "ERROR|Result: False" $setup_log | grep -qvE "Status .* was not found|An exception occurred in this state|Uncaught exception, closing connection|Exception in callback None" || [[ -s /var/spool/mail/root && "$setup_type" == "iso" ]]; then
 	SO_ERROR=1
 
-	grep --color=never "ERROR" "$setup_log" | grep -qvE "Status .* was not found" > "$error_log"
+	grep --color=never "ERROR" "$setup_log" | grep -qvE "Status .* was not found|An exception occurred in this state|Uncaught exception, closing connection|Exception in callback None" > "$error_log"
 fi
 
 if [[ -n $SO_ERROR ]]; then