Annual fall bash cleanup event

salt/common/tools/sbin/so-common

@@ -39,6 +39,11 @@ lookup_pillar_secret() {
     salt-call --no-color  pillar.get secrets:${key} --out=newline_values_only
 }
 
+lookup_grain() {
+    key=$1
+    salt-call --no-color  grains.get ${key} --out=newline_values_only
+}
+
 check_container() {
 	docker ps | grep "$1:" > /dev/null 2>&1
 	return $?
@@ -49,3 +54,45 @@ check_password() {
     echo "$password" | egrep -v "'|\"|\\$|\\\\" > /dev/null 2>&1
     return $?
 }
+
+set_os() {
+  if [ -f /etc/redhat-release ]; then
+    OS=centos
+  else
+    OS=ubuntu
+  fi
+}
+
+set_minionid() {
+  MINIONID=$(lookup_grain id)
+}
+
+set_version() {
+  CURRENTVERSION=0.0.0
+  if [ -f /etc/soversion ]; then
+    CURRENTVERSION=$(cat /etc/soversion)
+  fi
+  if [ -z "$VERSION" ]; then
+    if [ -z "$NEWVERSION" ]; then
+      if [ "$CURRENTVERSION" == "0.0.0" ]; then
+        echo "ERROR: Unable to detect Security Onion version; terminating script."
+        exit 1
+      else
+        VERSION=$CURRENTVERSION
+      fi
+    else
+      VERSION="$NEWVERSION"
+    fi
+  fi
+}
+
+require_manager() {
+  # Check to see if this is a manager
+  MANAGERCHECK=$(cat /etc/salt/grains | grep role | awk '{print $2}')
+  if [ $MANAGERCHECK == 'so-eval' ] || [ $MANAGERCHECK == 'so-manager' ] || [ $MANAGERCHECK == 'so-managersearch' ] || [ $MANAGERCHECK == 'so-standalone' ] || [ $MANAGERCHECK == 'so-helix' ] || [ $MANAGERCHECK == 'so-import' ]; then
+    echo "This is a manager, We can proceed."
+  else
+    echo "Please run this command on the manager; the manager controls the grid."
+    exit 1
+  fi
+}

salt/common/tools/sbin/so-docker-refresh

@@ -18,33 +18,5 @@
 . /usr/sbin/so-common
 . /usr/sbin/so-image-common
 
-manager_check() {
+require_manager
-  # Check to see if this is a manager
+update_docker_containers "refresh"
-  MANAGERCHECK=$(cat /etc/salt/grains | grep role | awk '{print $2}')
-  if [ $MANAGERCHECK == 'so-eval' ] || [ $MANAGERCHECK == 'so-manager' ] || [ $MANAGERCHECK == 'so-managersearch' ] || [ $MANAGERCHECK == 'so-standalone' ] || [ $MANAGERCHECK == 'so-helix' ]; then
-    echo "This is a manager. We can proceed"
-  else
-    echo "Please run soup on the manager. The manager controls all updates."
-    exit 1
-  fi
-}
-
-version_check() {
-  if [ -f /etc/soversion ]; then
-    VERSION=$(cat /etc/soversion)
-  else
-    echo "Unable to detect version. I will now terminate."
-    exit 1
-  fi
-}
-
-manager_check
-version_check
-operating_system
-
-# Use the hostname
-HOSTNAME=$(hostname)
-# List all the containers
-container_list
-CURLTYPE=refresh
-update_docker_containers

salt/common/tools/sbin/so-features-enable

@@ -14,6 +14,7 @@
 #    You should have received a copy of the GNU General Public License
 #    along with this program.  If not, see <http://www.gnu.org/licenses/>.
 
+. /usr/sbin/so-common
 . /usr/sbin/so-image-common
 local_salt_dir=/opt/so/saltstack/local
 
@@ -39,29 +40,14 @@ fi
 
 echo "Please wait while switching to Elastic Features."
 
-manager_check() {
+require_manager
-  # Check to see if this is a manager
-  MANAGERCHECK=$(cat /etc/salt/grains | grep role | awk '{print $2}')
-  if [[ "$MANAGERCHECK" =~ ^('so-eval'|'so-manager'|'so-standalone'|'so-managersearch')$ ]]; then
-    echo "This is a manager. We can proceed"
-  else
-    echo "Please run so-features-enable on the manager."
-    exit 0
-  fi
-}
 
-manager_check
-
-VERSION=$(lookup_pillar soversion) 
-# Modify global.sls to enable Features
-SUFFIX="-features"
 TRUSTED_CONTAINERS=( \
   "so-elasticsearch" \
   "so-filebeat" \
   "so-kibana" \
   "so-logstash" )
+update_docker_containers "features" "-features"
 
-CURLTYPE=features
+# Modify global.sls to enable Features
-update_docker_containers
-
 sed -i 's/features: False/features: True/' $local_salt_dir/pillar/global.sls

salt/common/tools/sbin/so-image-common

@@ -15,16 +15,7 @@
 # You should have received a copy of the GNU General Public License
 # along with this program.  If not, see <http://www.gnu.org/licenses/>.
 
-# Figure out if this is soup or refresh
+# NOTE: This script depends on so-common
-set_version() {
-  CURRENTVERSION=0.0.0
-  if [ -f /etc/soversion ]; then
-    CURRENTVERSION=$(cat /etc/soversion)
-  fi
-  if [ -z "$VERSION" ]; then
-      VERSION="$NEWVERSION"
-  fi
-}
 
 container_list() {
     MANAGERCHECK=so-unknown
@@ -97,24 +88,29 @@ container_list() {
     fi
 }
 
-operating_system() {
-  if [ -f /etc/redhat-release ]; then
-    OS=centos
-  else
-    OS=ubuntu
-  fi
-}
-
 update_docker_containers() {
-  # Recheck the version for scenarios were the VERSION wasn't known before this script was imported
+  CURLTYPE=$1
-  set_version
+  IMAGE_TAG_SUFFIX=$2
-
-  # Let's make sure we have the public key
-  curl -sSL https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/master/KEYS | gpg --import -
 
   CONTAINER_REGISTRY=quay.io
   IMAGEREPO=securityonion
   SIGNPATH=/root/sosigs
+  
+  if [ -z "$CURLTYPE" ]; then
+    CURLTYPE=unknown
+  fi
+
+  # Recheck the version for scenarios were the VERSION wasn't known before this script was imported
+  set_version
+  set_os
+
+  if [ -z "$TRUSTED_CONTAINERS" ]; then
+    container_list
+  fi
+
+  # Let's make sure we have the public key
+  curl -sSL https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/master/KEYS | gpg --import -
+  
   rm -rf $SIGNPATH
   mkdir -p $SIGNPATH
 
@@ -145,6 +141,9 @@ update_docker_containers() {
     if [[ $? -eq 0 ]]; then
       if [[ -z "$SKIP_TAGPUSH" ]]; then
         # Tag it with the new registry destination
+        if [ -z "$HOSTNAME" ]; then
+          HOSTNAME=$(hostname)
+        fi
         docker tag $CONTAINER_REGISTRY/$IMAGEREPO/$i:$VERSION$IMAGE_TAG_SUFFIX $HOSTNAME:5000/$IMAGEREPO/$i:$VERSION$IMAGE_TAG_SUFFIX
         docker push $HOSTNAME:5000/$IMAGEREPO/$i:$VERSION$IMAGE_TAG_SUFFIX
       fi
@@ -157,5 +156,3 @@ update_docker_containers() {
   done
   
 }
-
-set_version

salt/common/tools/sbin/soup

@@ -23,23 +23,11 @@ INSTALLEDSALTVERSION=$(salt --versions-report | grep Salt: | awk {'print $2'})
 DEFAULT_SALT_DIR=/opt/so/saltstack/default
 BATCHSIZE=5
 SOUP_LOG=/root/soup.log
-CURLTYPE=soup
 
 exec 3>&1 1>${SOUP_LOG} 2>&1
 
-manager_check() {
-  # Check to see if this is a manager
-  MANAGERCHECK=$(cat /etc/salt/grains | grep role | awk '{print $2}')
-  if [[ "$MANAGERCHECK" =~ ^('so-eval'|'so-manager'|'so-standalone'|'so-managersearch'|'so-import')$ ]]; then
-    echo "This is a manager. We can proceed."
-    MINIONID=$(salt-call grains.get id --out=txt|awk -F: {'print $2'}|tr -d ' ')
-  else
-    echo "Please run soup on the manager. The manager controls all updates."
-    exit 0
-  fi
-}
-
 add_common() {
+  cp $UPDATE_DIR/salt/common/tools/sbin/so-common $DEFAULT_SALT_DIR/salt/common/tools/sbin/
   cp $UPDATE_DIR/salt/common/tools/sbin/so-image-common $DEFAULT_SALT_DIR/salt/common/tools/sbin/
   salt-call state.apply common queue=True
   echo "Run soup one more time"
@@ -156,17 +144,6 @@ copy_new_files() {
   cd /tmp
 }
 
-detect_os() {
-	# Detect Base OS
-	echo "Determining Base OS." >> "$SOUP_LOG" 2>&1
-	if [ -f /etc/redhat-release ]; then
-		OS="centos"
-	elif [ -f /etc/os-release ]; then
-		OS="ubuntu"
-	fi
-	echo "Found OS: $OS" >> "$SOUP_LOG" 2>&1
-}
-
 highstate() {
   # Run a highstate.
   salt-call state.highstate -l info queue=True
@@ -413,13 +390,14 @@ done
 
 echo "Checking to see if this is a manager."
 echo ""
-manager_check
+require_manager
+set_minionid
 echo "Checking to see if this is an airgap install"
 echo ""
 check_airgap
 echo "Found that Security Onion $INSTALLEDVERSION is currently installed."
 echo ""
-detect_os
+set_os
 echo ""
 if [ $is_airgap -eq 0 ]; then
   # Let's mount the ISO since this is airgap
@@ -454,7 +432,7 @@ if [ $is_airgap -eq 0 ]; then
   airgap_update_dockers
 else
   container_list
-  update_docker_containers
+  update_docker_containers "soup"
 fi
 echo ""
 echo "Stopping Salt Minion service."