CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2025-12-06 17:22:49 +01:00
Code Issues Packages Projects Releases Wiki Activity

allow template loads to partially succeed only on the initial attempt

Browse Source
This commit is contained in:
Jason Ertel
2023-11-08 10:32:11 -05:00
parent 653fda124f
commit d256be3eb3
2 changed files with 57 additions and 13 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
salt/common/tools/sbin/so-common
View File

@@ -397,6 +397,10 @@ retry() {
echo "<Start of output>" echo "<Start of output>"
echo "$output" echo "$output"
echo "<End of output>" echo "<End of output>"
if [[ $exitcode -eq 0 ]]; then
echo "Forcing exit code to 1"
exitcode=1
fi
fi fi
elif [ -n "$failedOutput" ]; then elif [ -n "$failedOutput" ]; then
if [[ "$output" =~ "$failedOutput" ]]; then if [[ "$output" =~ "$failedOutput" ]]; then
@@ -405,7 +409,7 @@ retry() {
echo "$output" echo "$output"
echo "<End of output>" echo "<End of output>"
if [[ $exitcode -eq 0 ]]; then if [[ $exitcode -eq 0 ]]; then
echo "The exitcode was 0, but we are setting to 1 since we found $failedOutput in the output." echo "Forcing exit code to 1"
exitcode=1 exitcode=1
fi fi
else else

64
salt/elasticsearch/tools/sbin_jinja/so-elasticsearch-templates-load
View File

@@ -7,8 +7,42 @@
{% from 'vars/globals.map.jinja' import GLOBALS %} {% from 'vars/globals.map.jinja' import GLOBALS %}
{%- set SUPPORTED_PACKAGES = salt['pillar.get']('elasticfleet:packages', default=ELASTICFLEETDEFAULTS.elasticfleet.packages, merge=True) %} {%- set SUPPORTED_PACKAGES = salt['pillar.get']('elasticfleet:packages', default=ELASTICFLEETDEFAULTS.elasticfleet.packages, merge=True) %}
if [ ! -f /opt/so/state/estemplates.txt ]; then STATE_FILE_INITIAL=/opt/so/state/estemplates_initial_load_attempt.txt
echo "State file /opt/so/state/estemplates.txt not found. Running so-elasticsearch-templates-load." STATE_FILE_SUCCESS=/opt/so/state/estemplates.txt
if [[ -f $STATE_FILE_INITIAL ]]; then
# The initial template load has already run. As this is a subsequent load, all dependencies should
# already be satisified. Therefore, immediately exit/abort this script upon any template load failure
# since this is an unrecoverable failure.
should_exit_on_failure=1
else
# This is the initial template load, and there likely are some components not yet setup in Elasticsearch.
# Therefore load as many templates as possible at this time and if an error occurs proceed to the next
# template. But if at least one template fails to load do not mark the templates as having been loaded.
# This will allow the next load to resume the load of the templates that failed to load initially.
should_exit_on_failure=0
echo "This is the initial template load"
fi
load_failures=0
load_template() {
uri=$1
file=$2
echo "Loading template file $i"
if ! retry 3 5 "so-elasticsearch-query $uri -d@$file -XPUT" "{\"acknowledged\":true}"; then
if [[ $should_exit_on_failure -eq 1 ]]; then
fail "Could not load template file: $file"
else
load_failures=$((load_failures+1))
echo "Incremented load failure counter: $load_failures"
fi
fi
}
if [ ! -f $STATE_FILE_SUCCESS ]; then
echo "State file $STATE_FILE_SUCCESS not found. Running so-elasticsearch-templates-load."
. /usr/sbin/so-common . /usr/sbin/so-common
@@ -44,13 +78,14 @@ if [ ! -f /opt/so/state/estemplates.txt ]; then
fi fi
{% endif %} {% endif %}
touch $STATE_FILE_INITIAL
cd ${ELASTICSEARCH_TEMPLATES}/component/ecs cd ${ELASTICSEARCH_TEMPLATES}/component/ecs
echo "Loading ECS component templates..." echo "Loading ECS component templates..."
for i in *; do for i in *; do
TEMPLATE=$(echo $i | cut -d '.' -f1) TEMPLATE=$(echo $i | cut -d '.' -f1)
echo "$TEMPLATE-mappings" load_template "_component_template/${TEMPLATE}-mappings" "$i"
retry 24 5 "so-elasticsearch-query _component_template/${TEMPLATE}-mappings -d@$i -XPUT | grep '{\"acknowledged\":true}'" || fail "Could not load template: $TEMPLATE-mappings"
done done
echo echo
@@ -64,8 +99,7 @@ if [ ! -f /opt/so/state/estemplates.txt ]; then
{% endif %} {% endif %}
for i in $component_pattern; do for i in $component_pattern; do
TEMPLATE=${i::-5} TEMPLATE=${i::-5}
echo "$TEMPLATE" load_template "_component_template/$TEMPLATE" "$i"
retry 24 5 "so-elasticsearch-query _component_template/$TEMPLATE -d@$i -XPUT | grep '{\"acknowledged\":true}'" || fail "Could not load template: $TEMPLATE"
done done
echo echo
@@ -75,8 +109,7 @@ if [ ! -f /opt/so/state/estemplates.txt ]; then
echo "Loading Security Onion component templates..." echo "Loading Security Onion component templates..."
for i in *; do for i in *; do
TEMPLATE=$(echo $i | cut -d '.' -f1); TEMPLATE=$(echo $i | cut -d '.' -f1);
echo "$TEMPLATE" load_template "_component_template/$TEMPLATE" "$i"
retry 24 5 "so-elasticsearch-query _component_template/$TEMPLATE -d@$i -XPUT | grep '{\"acknowledged\":true}'" || fail "Could not load template: $TEMPLATE"
done done
echo echo
@@ -92,9 +125,8 @@ if [ ! -f /opt/so/state/estemplates.txt ]; then
{% endif %} {% endif %}
for i in $pattern; do for i in $pattern; do
TEMPLATE=${i::-14} TEMPLATE=${i::-14}
echo "$TEMPLATE" load_template "_index_template/$TEMPLATE" "$i"
retry 60 5 "so-elasticsearch-query _index_template/$TEMPLATE -d@$i -XPUT" "{\"acknowledged\":true}" || fail "Could not load template: $TEMPLATE" done
done
else else
{% if GLOBALS.role == 'so-heavynode' %} {% if GLOBALS.role == 'so-heavynode' %}
echo "Common template does not exist. Exiting..." echo "Common template does not exist. Exiting..."
@@ -105,5 +137,13 @@ if [ ! -f /opt/so/state/estemplates.txt ]; then
fi fi
cd - >/dev/null cd - >/dev/null
touch /opt/so/state/estemplates.txt
if [[ $load_failures -eq 0 ]]; then
echo "All template loaded successfully"
touch $STATE_FILE_SUCCESS
else
echo "Encountered $load_failures templates that were unable to load, likely due to missing dependencies that will be available later; will retry on next highstate"
fi
else
echo "Templates already loaded"
fi fi