CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2025-12-07 17:52:46 +01:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #2201 from Security-Onion-Solutions/bugfix/reinstall

Browse Source 
Bugfix/reinstall
This commit is contained in:
William Wernert
2020-12-04 09:38:46 -05:00
committed by GitHub
parent 967111decc fca50660a2
commit d724fe7357
2 changed files with 159 additions and 114 deletions
Download Patch File Download Diff File Expand all files Collapse all files

151
setup/so-functions
View File

@@ -251,19 +251,19 @@ check_pass_match() {
fi fi
} }
# False if stopped, true if running
check_service_status() { check_service_status() {
local service_name=$1 local service_name=$1
echo "Checking service $service_name status" >> "$setup_log" 2>&1 echo "Checking service $service_name status" >> "$setup_log" 2>&1
systemctl status $service_name > /dev/null 2>&1 systemctl status $service_name > /dev/null 2>&1
local status=$? local status=$?
#true if there is an issue with the service false if it is running properly
if [ $status -gt 0 ]; then if [ $status -gt 0 ]; then
echo "$service_name is not running" >> "$setup_log" 2>&1 echo " $service_name is not running" >> "$setup_log" 2>&1
echo 1; return 1;
else else
echo "$service_name is running" >> "$setup_log" 2>&1 echo " $service_name is running" >> "$setup_log" 2>&1
echo 0; return 0;
fi fi
} }
@@ -273,28 +273,27 @@ check_salt_master_status() {
salt-call saltutil.kill_all_jobs > /dev/null 2>&1 salt-call saltutil.kill_all_jobs > /dev/null 2>&1
salt-call state.show_top > /dev/null 2>&1 salt-call state.show_top > /dev/null 2>&1
local status=$? local status=$?
#true if there is an issue talking to salt master
if [ $status -gt 0 ]; then if [ $status -gt 0 ]; then
echo 1; echo " Could not talk to salt master" >> "$setup_log" 2>&1
return 1;
else else
echo "Can talk to salt master" >> "$setup_log" 2>&1 echo " Can talk to salt master" >> "$setup_log" 2>&1
echo 0; return 0;
fi fi
} }
check_salt_minion_status() { check_salt_minion_status() {
echo "Checking if the salt minion will respond to jobs" >> "$setup_log" 2>&1 echo "Checking if the salt minion will respond to jobs" >> "$setup_log" 2>&1
salt "$MINION_ID" test.ping >> "$setup_log" 2>&1 salt "$MINION_ID" test.ping > /dev/null 2>&1
local status=$? local status=$?
#true if there is an issue getting a job response from the minion
if [ $status -gt 0 ]; then if [ $status -gt 0 ]; then
echo 1; echo " Minion did not respond" >> "$setup_log" 2>&1
return 1;
else else
echo "Received job response from salt minion" >> "$setup_log" 2>&1 echo " Received job response from salt minion" >> "$setup_log" 2>&1
echo 0; return 0;
fi fi
} }
check_soremote_pass() { check_soremote_pass() {
@@ -767,12 +766,12 @@ detect_os() {
disable_auto_start() { disable_auto_start() {
if crontab -l -u $INSTALLUSERNAME 2>&1 | grep so-setup > /dev/null 2>&1; then if crontab -l -u $INSTALLUSERNAME 2>&1 | grep -q so-setup; then
# Remove the automated setup script from crontab, if it exists # Remove the automated setup script from crontab, if it exists
logCmd "crontab -u $INSTALLUSERNAME -r" logCmd "crontab -u $INSTALLUSERNAME -r"
fi fi
if grep so-setup /home/$INSTALLUSERNAME/.bash_profile > /dev/null 2>&1; then if grep -q so-setup /home/$INSTALLUSERNAME/.bash_profile; then
# Truncate last line of the bash profile # Truncate last line of the bash profile
info "Removing auto-run of setup from bash profile" info "Removing auto-run of setup from bash profile"
sed -i '$ d' /home/$INSTALLUSERNAME/.bash_profile >> "$setup_log" 2>&1 sed -i '$ d' /home/$INSTALLUSERNAME/.bash_profile >> "$setup_log" 2>&1
@@ -1385,12 +1384,46 @@ reserve_group_ids() {
reinstall_init() { reinstall_init() {
info "Putting system in state to run setup again" info "Putting system in state to run setup again"
if [[ $install_type =~ ^(MANAGER|EVAL|HELIXSENSOR|MANAGERSEARCH|STANDALONE|FLEET|IMPORT)$ ]]; then
local salt_services=( "salt-master" "salt-minion" )
else
local salt_services=( "salt-minion" )
fi
local service_retry_count=20
{ {
# Kill any salt processes if command -v salt-call &> /dev/null; then
pkill -9 -ef /usr/bin/salt # Disable schedule so highstate doesn't start running during the install
salt-call -l info schedule.disable
# Kill any currently running salt jobs, also to prevent issues with highstate.
salt-call -l info saltutil.kill_all_jobs
fi
# Kill any salt processes (safely)
for service in "${salt_services[@]}"; do
# Stop the service in the background so we can exit after a certain amount of time
systemctl stop "$service" &
local pid=$!
local count=0
while check_service_status "$service"; do
if [[ $count -gt $service_retry_count ]]; then
echo "Could not stop $service after 1 minute, exiting setup."
# Stop the systemctl process trying to kill the service, show user a message, then exit setup
kill -9 $pid
kill -SIGUSR1 "$(ps --pid $$ -oppid=)"; exit 1
fi
sleep 5
((count++))
done
done
# Remove all salt configs # Remove all salt configs
rm -rf /etc/salt/global /etc/salt/minion /etc/salt/master /etc/salt/pki/* rm -rf /etc/salt/grains /etc/salt/minion /etc/salt/pki/*
if command -v docker &> /dev/null; then if command -v docker &> /dev/null; then
# Stop and remove all so-* containers so files can be changed with more safety # Stop and remove all so-* containers so files can be changed with more safety
@@ -1411,7 +1444,7 @@ reinstall_init() {
# Remove the old launcher package in case the config changes # Remove the old launcher package in case the config changes
remove_package launcher-final remove_package launcher-final
} >> $setup_log 2>&1 } >> "$setup_log" 2>&1
} }
backup_dir() { backup_dir() {
@@ -1608,61 +1641,59 @@ salt_checkin() {
"salt-master" \ "salt-master" \
"salt-minion" "salt-minion"
) )
local LOOP_COUNT=0 local count=0
for service in "${SALT_SERVICES[@]}"; do
echo "Stopping service $service" >> "$setup_log" 2>&1
systemctl stop "$service" >> "$setup_log" 2>&1
LOOP_COUNT=0
while ! (( $(check_service_status $service) )); do
echo "$service still running" >> "$setup_log" 2>&1
if [ $LOOP_COUNT -gt 60 ]; then
echo "$service could not be stopped in 60 seconds, exiting" >> "$setup_log" 2>&1
exit 1
fi
sleep 1;
((LOOP_COUNT+=1))
done
done
sleep 5;
for service in "${SALT_SERVICES[@]}"; do for service in "${SALT_SERVICES[@]}"; do
echo "Starting service $service" >> "$setup_log" 2>&1 {
systemctl start "$service" >> "$setup_log" 2>&1 echo "Restarting service $service"
LOOP_COUNT=0 systemctl restart "$service" &
while (( $(check_service_status $service) )); do local pid=$!
echo "$service still not running" >> "$setup_log" 2>&1 } >> "$setup_log" 2>&1
if [ $LOOP_COUNT -gt 60 ]; then
echo "$service could not be started in 60 seconds, exiting" >> "$setup_log" 2>&1 count=0
exit 1 while ! (check_service_status "$service"); do
# On final loop, kill the pid trying to restart service and try to manually kill then start it
if [ $count -eq 12 ]; then
{
kill -9 "$pid"
systemctl kill "$service"
systemctl start "$service" &
local pid=$!
} >> "$setup_log" 2>&1
fi fi
sleep 1;
((LOOP_COUNT+=1)) if [ $count -gt 12 ]; then
echo "$service could not be restarted in 120 seconds, exiting" >> "$setup_log" 2>&1
kill -9 "$pid"
kill -SIGUSR1 "$(ps --pid $$ -oppid=)"; exit 1
fi
sleep 10;
((count++))
done done
done done
sleep 5; count=0
while ! (check_salt_master_status); do
LOOP_COUNT=0
while (( $(check_salt_master_status) )); do
echo "salt minion cannot talk to salt master" >> "$setup_log" 2>&1 echo "salt minion cannot talk to salt master" >> "$setup_log" 2>&1
if [ $LOOP_COUNT -gt 30 ]; then if [ $count -gt 30 ]; then
echo "salt minion could not talk to salt master after 30 attempts, exiting" >> "$setup_log" 2>&1 echo "salt minion could not talk to salt master after 30 attempts, exiting" >> "$setup_log" 2>&1
exit 1 kill -SIGUSR1 "$(ps --pid $$ -oppid=)"; exit 1
fi fi
sleep 1; sleep 1;
((LOOP_COUNT+=1)) ((count++))
done done
LOOP_COUNT=0 count=0
while (( $(check_salt_minion_status) )); do while ! (check_salt_minion_status); do
echo "salt master did not get a job response from salt minion" >> "$setup_log" 2>&1 echo "salt master did not get a job response from salt minion" >> "$setup_log" 2>&1
if [ $LOOP_COUNT -gt 30 ]; then if [ $count -gt 30 ]; then
echo "salt master did not get a job response from salt minion after 30 attempts, exiting" >> "$setup_log" 2>&1 echo "salt master did not get a job response from salt minion after 30 attempts, exiting" >> "$setup_log" 2>&1
exit 1 kill -SIGUSR1 "$(ps --pid $$ -oppid=)"; exit 1
fi fi
systemctl kill salt-minion
systemctl start salt-minion
sleep 1; sleep 1;
((LOOP_COUNT+=1)) ((count++))
done done
echo " Confirming existence of the CA certificate" echo " Confirming existence of the CA certificate"

112
setup/so-setup
View File

@@ -428,67 +428,81 @@ whiptail_make_changes
# From here on changes will be made. # From here on changes will be made.
echo "1" > /root/accept_changes echo "1" > /root/accept_changes
if [[ $is_reinstall ]]; then # Set up handler for setup to exit early (use `kill -SIGUSR1 "$(ps --pid $$ -oppid=)"; exit 1` in child scripts)
reinstall_init trap 'catch $LINENO' SIGUSR1
fi
if [[ -n "$TURBO" ]]; then catch() {
use_turbo_proxy info "Fatal error occurred at $1 in so-setup, failing setup."
fi whiptail_setup_failed
exit
if [[ "$setup_type" == 'iso' ]]; then }
# Init networking so rest of install works
set_hostname
set_management_interface
fi
disable_ipv6
disable_auto_start
if [[ "$setup_type" != 'iso' ]]; then
set_hostname
fi
if [[ $is_minion ]]; then
add_mngr_ip_to_hosts
fi
{
mark_version;
clear_manager;
} >> $setup_log 2>&1
if [[ $is_manager || $is_import ]]; then
{
generate_passwords;
secrets_pillar;
add_socore_user_manager;
} >> $setup_log 2>&1
fi
if [[ $is_manager && ! $is_eval ]]; then
add_soremote_user_manager >> $setup_log 2>&1
fi
# This block sets REDIRECTIT which is used by a function outside the below subshell
{ {
set_main_ip; set_main_ip;
set_redirect; set_redirect;
} >> $setup_log 2>&1 } >> $setup_log 2>&1
host_pillar >> $setup_log 2>&1
if [[ $is_minion || $is_import ]]; then
set_updates >> $setup_log 2>&1
[ "$automated" == no ] && copy_ssh_key >> $setup_log 2>&1
fi
# Begin install # Begin install
{ {
# Set initial percentage to 0 # Set initial percentage to 0
export percentage=0 export percentage=0
# Show initial progress message
set_progress_str 0 'Running initial configuration steps'
set_path set_path
if [[ $is_reinstall ]]; then
reinstall_init
fi
if [[ -n "$TURBO" ]]; then
use_turbo_proxy
fi
if [[ "$setup_type" == 'iso' ]]; then
# Init networking so rest of install works
set_hostname >> $setup_log 2>&1
set_management_interface
fi
disable_ipv6
disable_auto_start
if [[ "$setup_type" != 'iso' ]]; then
set_hostname >> $setup_log 2>&1
fi
if [[ $is_minion ]]; then
add_mngr_ip_to_hosts
fi
{
mark_version;
clear_manager;
} >> $setup_log 2>&1
if [[ $is_manager || $is_import ]]; then
{
generate_passwords;
secrets_pillar;
add_socore_user_manager;
} >> $setup_log 2>&1
fi
if [[ $is_manager && ! $is_eval ]]; then
add_soremote_user_manager >> $setup_log 2>&1
fi
host_pillar >> $setup_log 2>&1
if [[ $is_minion || $is_import ]]; then
set_updates >> $setup_log 2>&1
[ "$automated" == no ] && copy_ssh_key >> $setup_log 2>&1
fi
if [[ $is_manager && $is_airgap ]]; then if [[ $is_manager && $is_airgap ]]; then
info "Creating airgap repo" info "Creating airgap repo"
create_repo >> $setup_log 2>&1 create_repo >> $setup_log 2>&1
@@ -583,7 +597,7 @@ fi
if [[ $is_minion ]]; then if [[ $is_minion ]]; then
set_progress_str 22 'Checking if the Salt Minion needs to be updated' set_progress_str 22 'Checking if the Salt Minion needs to be updated'
salt-call state.apply salt.minion -l info >> $setup_log 2>&1 salt-call state.apply -l info salt.minion >> $setup_log 2>&1
fi fi
set_progress_str 23 'Generating CA and checking in' set_progress_str 23 'Generating CA and checking in'