diff --git a/salt/common/tools/sbin/so-common b/salt/common/tools/sbin/so-common
index 547e3f9dc..ab54d634e 100755
--- a/salt/common/tools/sbin/so-common
+++ b/salt/common/tools/sbin/so-common
@@ -39,6 +39,11 @@ lookup_pillar_secret() {
salt-call --no-color pillar.get secrets:${key} --out=newline_values_only
}
+lookup_grain() {
+ key=$1
+ salt-call --no-color grains.get ${key} --out=newline_values_only
+}
+
check_container() {
docker ps | grep "$1:" > /dev/null 2>&1
return $?
@@ -49,3 +54,45 @@ check_password() {
echo "$password" | egrep -v "'|\"|\\$|\\\\" > /dev/null 2>&1
return $?
}
+
+set_os() {
+ if [ -f /etc/redhat-release ]; then
+ OS=centos
+ else
+ OS=ubuntu
+ fi
+}
+
+set_minionid() {
+ MINIONID=$(lookup_grain id)
+}
+
+set_version() {
+ CURRENTVERSION=0.0.0
+ if [ -f /etc/soversion ]; then
+ CURRENTVERSION=$(cat /etc/soversion)
+ fi
+ if [ -z "$VERSION" ]; then
+ if [ -z "$NEWVERSION" ]; then
+ if [ "$CURRENTVERSION" == "0.0.0" ]; then
+ echo "ERROR: Unable to detect Security Onion version; terminating script."
+ exit 1
+ else
+ VERSION=$CURRENTVERSION
+ fi
+ else
+ VERSION="$NEWVERSION"
+ fi
+ fi
+}
+
+require_manager() {
+ # Check to see if this is a manager
+ MANAGERCHECK=$(cat /etc/salt/grains | grep role | awk '{print $2}')
+ if [ $MANAGERCHECK == 'so-eval' ] || [ $MANAGERCHECK == 'so-manager' ] || [ $MANAGERCHECK == 'so-managersearch' ] || [ $MANAGERCHECK == 'so-standalone' ] || [ $MANAGERCHECK == 'so-helix' ] || [ $MANAGERCHECK == 'so-import' ]; then
+ echo "This is a manager, We can proceed."
+ else
+ echo "Please run this command on the manager; the manager controls the grid."
+ exit 1
+ fi
+}
diff --git a/salt/common/tools/sbin/so-docker-refresh b/salt/common/tools/sbin/so-docker-refresh
index 4706f8981..452bc3121 100755
--- a/salt/common/tools/sbin/so-docker-refresh
+++ b/salt/common/tools/sbin/so-docker-refresh
@@ -18,33 +18,5 @@
. /usr/sbin/so-common
. /usr/sbin/so-image-common
-manager_check() {
- # Check to see if this is a manager
- MANAGERCHECK=$(cat /etc/salt/grains | grep role | awk '{print $2}')
- if [ $MANAGERCHECK == 'so-eval' ] || [ $MANAGERCHECK == 'so-manager' ] || [ $MANAGERCHECK == 'so-managersearch' ] || [ $MANAGERCHECK == 'so-standalone' ] || [ $MANAGERCHECK == 'so-helix' ]; then
- echo "This is a manager. We can proceed"
- else
- echo "Please run soup on the manager. The manager controls all updates."
- exit 1
- fi
-}
-
-version_check() {
- if [ -f /etc/soversion ]; then
- VERSION=$(cat /etc/soversion)
- else
- echo "Unable to detect version. I will now terminate."
- exit 1
- fi
-}
-
-manager_check
-version_check
-operating_system
-
-# Use the hostname
-HOSTNAME=$(hostname)
-# List all the containers
-container_list
-CURLTYPE=refresh
-update_docker_containers
+require_manager
+update_docker_containers "refresh"
diff --git a/salt/common/tools/sbin/so-features-enable b/salt/common/tools/sbin/so-features-enable
index a5bc5ff12..d64f22dc2 100755
--- a/salt/common/tools/sbin/so-features-enable
+++ b/salt/common/tools/sbin/so-features-enable
@@ -14,6 +14,7 @@
# You should have received a copy of the GNU General Public License
# along with this program. If not, see .
+. /usr/sbin/so-common
. /usr/sbin/so-image-common
local_salt_dir=/opt/so/saltstack/local
@@ -39,29 +40,14 @@ fi
echo "Please wait while switching to Elastic Features."
-manager_check() {
- # Check to see if this is a manager
- MANAGERCHECK=$(cat /etc/salt/grains | grep role | awk '{print $2}')
- if [[ "$MANAGERCHECK" =~ ^('so-eval'|'so-manager'|'so-standalone'|'so-managersearch')$ ]]; then
- echo "This is a manager. We can proceed"
- else
- echo "Please run so-features-enable on the manager."
- exit 0
- fi
-}
+require_manager
-manager_check
-
-VERSION=$(lookup_pillar soversion)
-# Modify global.sls to enable Features
-SUFFIX="-features"
TRUSTED_CONTAINERS=( \
"so-elasticsearch" \
"so-filebeat" \
"so-kibana" \
"so-logstash" )
+update_docker_containers "features" "-features"
-CURLTYPE=features
-update_docker_containers
-
+# Modify global.sls to enable Features
sed -i 's/features: False/features: True/' $local_salt_dir/pillar/global.sls
diff --git a/salt/common/tools/sbin/so-image-common b/salt/common/tools/sbin/so-image-common
index 1af101f82..ef3ebb59d 100755
--- a/salt/common/tools/sbin/so-image-common
+++ b/salt/common/tools/sbin/so-image-common
@@ -15,16 +15,7 @@
# You should have received a copy of the GNU General Public License
# along with this program. If not, see .
-# Figure out if this is soup or refresh
-set_version() {
- CURRENTVERSION=0.0.0
- if [ -f /etc/soversion ]; then
- CURRENTVERSION=$(cat /etc/soversion)
- fi
- if [ -z "$VERSION" ]; then
- VERSION="$NEWVERSION"
- fi
-}
+# NOTE: This script depends on so-common
container_list() {
MANAGERCHECK=so-unknown
@@ -97,24 +88,29 @@ container_list() {
fi
}
-operating_system() {
- if [ -f /etc/redhat-release ]; then
- OS=centos
- else
- OS=ubuntu
- fi
-}
-
update_docker_containers() {
+ CURLTYPE=$1
+ IMAGE_TAG_SUFFIX=$2
+
+ CONTAINER_REGISTRY=quay.io
+ IMAGEREPO=securityonion
+ SIGNPATH=/root/sosigs
+
+ if [ -z "$CURLTYPE" ]; then
+ CURLTYPE=unknown
+ fi
+
# Recheck the version for scenarios were the VERSION wasn't known before this script was imported
set_version
+ set_os
+
+ if [ -z "$TRUSTED_CONTAINERS" ]; then
+ container_list
+ fi
# Let's make sure we have the public key
curl -sSL https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/master/KEYS | gpg --import -
- CONTAINER_REGISTRY=quay.io
- IMAGEREPO=securityonion
- SIGNPATH=/root/sosigs
rm -rf $SIGNPATH
mkdir -p $SIGNPATH
@@ -145,6 +141,9 @@ update_docker_containers() {
if [[ $? -eq 0 ]]; then
if [[ -z "$SKIP_TAGPUSH" ]]; then
# Tag it with the new registry destination
+ if [ -z "$HOSTNAME" ]; then
+ HOSTNAME=$(hostname)
+ fi
docker tag $CONTAINER_REGISTRY/$IMAGEREPO/$i:$VERSION$IMAGE_TAG_SUFFIX $HOSTNAME:5000/$IMAGEREPO/$i:$VERSION$IMAGE_TAG_SUFFIX
docker push $HOSTNAME:5000/$IMAGEREPO/$i:$VERSION$IMAGE_TAG_SUFFIX
fi
@@ -157,5 +156,3 @@ update_docker_containers() {
done
}
-
-set_version
\ No newline at end of file
diff --git a/salt/common/tools/sbin/soup b/salt/common/tools/sbin/soup
index eb2ea3258..2500781f3 100755
--- a/salt/common/tools/sbin/soup
+++ b/salt/common/tools/sbin/soup
@@ -23,23 +23,11 @@ INSTALLEDSALTVERSION=$(salt --versions-report | grep Salt: | awk {'print $2'})
DEFAULT_SALT_DIR=/opt/so/saltstack/default
BATCHSIZE=5
SOUP_LOG=/root/soup.log
-CURLTYPE=soup
exec 3>&1 1>${SOUP_LOG} 2>&1
-manager_check() {
- # Check to see if this is a manager
- MANAGERCHECK=$(cat /etc/salt/grains | grep role | awk '{print $2}')
- if [[ "$MANAGERCHECK" =~ ^('so-eval'|'so-manager'|'so-standalone'|'so-managersearch'|'so-import')$ ]]; then
- echo "This is a manager. We can proceed."
- MINIONID=$(salt-call grains.get id --out=txt|awk -F: {'print $2'}|tr -d ' ')
- else
- echo "Please run soup on the manager. The manager controls all updates."
- exit 0
- fi
-}
-
add_common() {
+ cp $UPDATE_DIR/salt/common/tools/sbin/so-common $DEFAULT_SALT_DIR/salt/common/tools/sbin/
cp $UPDATE_DIR/salt/common/tools/sbin/so-image-common $DEFAULT_SALT_DIR/salt/common/tools/sbin/
salt-call state.apply common queue=True
echo "Run soup one more time"
@@ -156,17 +144,6 @@ copy_new_files() {
cd /tmp
}
-detect_os() {
- # Detect Base OS
- echo "Determining Base OS." >> "$SOUP_LOG" 2>&1
- if [ -f /etc/redhat-release ]; then
- OS="centos"
- elif [ -f /etc/os-release ]; then
- OS="ubuntu"
- fi
- echo "Found OS: $OS" >> "$SOUP_LOG" 2>&1
-}
-
highstate() {
# Run a highstate.
salt-call state.highstate -l info queue=True
@@ -413,13 +390,14 @@ done
echo "Checking to see if this is a manager."
echo ""
-manager_check
+require_manager
+set_minionid
echo "Checking to see if this is an airgap install"
echo ""
check_airgap
echo "Found that Security Onion $INSTALLEDVERSION is currently installed."
echo ""
-detect_os
+set_os
echo ""
if [ $is_airgap -eq 0 ]; then
# Let's mount the ISO since this is airgap
@@ -454,7 +432,7 @@ if [ $is_airgap -eq 0 ]; then
airgap_update_dockers
else
container_list
- update_docker_containers
+ update_docker_containers "soup"
fi
echo ""
echo "Stopping Salt Minion service."