CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2026-02-20 06:05:01 +01:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #15480 from Security-Onion-Solutions/reyesj2-patch-15

Browse Source 
WIP AIRGAP SOUP
This commit is contained in:
Jorge Reyes
2026-02-12 12:08:12 -06:00
committed by GitHub
parent 9f0b6c8c7e a4aff9fc4c
commit d23507a2d3
1 changed files with 18 additions and 16 deletions
Download Patch File Download Diff File Expand all files Collapse all files

34
salt/manager/tools/sbin/soup
View File

@@ -158,7 +158,7 @@ EOF
echo "Ensure you verify the ISO that you downloaded." echo "Ensure you verify the ISO that you downloaded."
exit 0 exit 0
else else
echo "Device has been mounted!" echo "Device has been mounted! $(cat /tmp/soagupdate/SecurityOnion/VERSION)"
fi fi
else else
echo "Could not find Security Onion ISO content at ${ISOLOC}" echo "Could not find Security Onion ISO content at ${ISOLOC}"
@@ -1745,20 +1745,23 @@ verify_es_version_compatibility() {
fi fi
local es_required_version_statefile_value=$(cat $es_required_version_statefile) local es_required_version_statefile_value=$(cat $es_required_version_statefile)
echo -e "\n##############################################################################################################################\n" # If statefile was created on the first soup to an unsupported ES version and the next soup is attempting to upgrade to the required version it isn't expected that the upgrade has completed so skip verification check
echo "A previously required intermediate Elasticsearch upgrade was detected. Verifying that all Searchnodes/Heavynodes have successfully upgraded Elasticsearch to $es_required_version_statefile_value before proceeding with soup to avoid potential data loss!" if [[ "$target_es_version" != "$es_required_version_statefile_value" ]]; then
# create script using version in statefile echo -e "\n##############################################################################################################################\n"
timeout --foreground 4000 bash "$es_verification_script" "$es_required_version_statefile_value" "$es_required_version_statefile" echo "A previously required intermediate Elasticsearch upgrade was detected. Verifying that all Searchnodes/Heavynodes have successfully upgraded Elasticsearch to $es_required_version_statefile_value before proceeding with soup to avoid potential data loss!"
if [[ $? -ne 0 ]]; then # create script using version in statefile
echo -e "\n!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!\n" timeout --foreground 4000 bash "$es_verification_script" "$es_required_version_statefile_value" "$es_required_version_statefile"
if [[ $? -ne 0 ]]; then
echo -e "\n!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!\n"
echo "A previous required intermediate Elasticsearch upgrade to $es_required_version_statefile_value has yet to successfully complete across the grid. Please allow time for all Searchnodes/Heavynodes to have upgraded Elasticsearch to $es_required_version_statefile_value before running soup again to avoid potential data loss!" echo "A previous required intermediate Elasticsearch upgrade to $es_required_version_statefile_value has yet to successfully complete across the grid. Please allow time for all Searchnodes/Heavynodes to have upgraded Elasticsearch to $es_required_version_statefile_value before running soup again to avoid potential data loss!"
echo -e "\n!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!\n" echo -e "\n!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!\n"
exit 161 exit 161
fi
echo -e "\n##############################################################################################################################\n"
fi fi
echo -e "\n##############################################################################################################################\n"
fi fi
if [[ " ${es_upgrade_map[$es_version]} " =~ " $target_es_version " || "$es_version" == "$target_es_version" ]]; then if [[ " ${es_upgrade_map[$es_version]} " =~ " $target_es_version " || "$es_version" == "$target_es_version" ]]; then
@@ -1801,11 +1804,6 @@ run_airgap_intermediate_upgrade() {
# preserve ISOLOC value, so we can try to use it post intermediate upgrade # preserve ISOLOC value, so we can try to use it post intermediate upgrade
local originally_requested_iso_location="$ISOLOC" local originally_requested_iso_location="$ISOLOC"
if [[ -d /tmp/soagupdate ]]; then
echo -e "\nUnmounting current ISO before running intermediate upgrade\n"
unmount_update
fi
echo "You can download the $next_step_so_version ISO image from https://download.securityonion.net/file/securityonion/securityonion-$next_step_so_version.iso" echo "You can download the $next_step_so_version ISO image from https://download.securityonion.net/file/securityonion/securityonion-$next_step_so_version.iso"
echo -e "\nIf you have the next ISO / USB ready, enter the path now eg. /dev/sdd, /home/onion/securityonion-$next_step_so_version.iso:" echo -e "\nIf you have the next ISO / USB ready, enter the path now eg. /dev/sdd, /home/onion/securityonion-$next_step_so_version.iso:"
@@ -2096,6 +2094,10 @@ main() {
echo "Found that Security Onion $INSTALLEDVERSION is currently installed." echo "Found that Security Onion $INSTALLEDVERSION is currently installed."
echo "" echo ""
if [[ $is_airgap -eq 0 ]] || [[ $nonairgap_useiso -eq 0 ]]; then if [[ $is_airgap -eq 0 ]] || [[ $nonairgap_useiso -eq 0 ]]; then
# Make sure we get a fresh mount of the ISO (helps with intermediate upgrades and ensuring if non-airgap soup runs with -f the correct ISO)
if [[ -d /tmp/soagupdate ]]; then
unmount_update
fi
# Let's mount the ISO since this is airgap or non-airgap with -f used # Let's mount the ISO since this is airgap or non-airgap with -f used
airgap_mounted airgap_mounted
else else