From 0fc6f7b0229f524d42fe5627506ce8695e1eaa3d Mon Sep 17 00:00:00 2001 From: weslambert Date: Tue, 12 Jul 2022 15:34:24 -0400 Subject: [PATCH 1/3] Add check for Elasticsearch 6 indices --- salt/common/tools/sbin/soup | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/salt/common/tools/sbin/soup b/salt/common/tools/sbin/soup index 80b36885e..3188b7dd6 100755 --- a/salt/common/tools/sbin/soup +++ b/salt/common/tools/sbin/soup @@ -393,6 +393,18 @@ es_version_check() { fi } +es_indices_check() { + echo "Checking for unsupported Elasticsearch indices..." + UNSUPPORTED_INDICES=$(for INDEX in $(so-elasticsearch-indices-list | awk '{print $3}'); do so-elasticsearch-query $INDEX/_settings?human |grep '"created_string":"7' | jq -r 'keys'[0]; done) + if [ -z "$UNSUPPORTED_INDICES" ]; then + echo "No unsupported indices found." + else + echo "The following indices were created with Elasticsearch 6, and are not supported when upgrading to Elasticsearch 8. These indices may need to be deleted, migrated, or re-indexed before proceeding with the upgrade. Please see https://docs.securityonion.net/en/2.3/elasticsearch.html for more details." + echo + echo "$UNSUPPORTED_INDICES" + exit 0 +} + generate_and_clean_tarballs() { local new_version new_version=$(cat $UPDATE_DIR/VERSION) @@ -1157,6 +1169,7 @@ main() { echo "Verifying we have the latest soup script." verify_latest_update_script es_version_check + es_indices_check echo "" set_palette check_elastic_license From 4502182b53ba08c5b60bf2c0854b4b46b2197b2b Mon Sep 17 00:00:00 2001 From: weslambert Date: Tue, 12 Jul 2022 15:35:46 -0400 Subject: [PATCH 2/3] Typo - Ensure Elasticsearch version 6 indices are checked --- salt/common/tools/sbin/soup | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/salt/common/tools/sbin/soup b/salt/common/tools/sbin/soup index 3188b7dd6..a165ddf54 100755 --- a/salt/common/tools/sbin/soup +++ b/salt/common/tools/sbin/soup @@ -395,7 +395,7 @@ es_version_check() { es_indices_check() { echo "Checking for unsupported Elasticsearch indices..." - UNSUPPORTED_INDICES=$(for INDEX in $(so-elasticsearch-indices-list | awk '{print $3}'); do so-elasticsearch-query $INDEX/_settings?human |grep '"created_string":"7' | jq -r 'keys'[0]; done) + UNSUPPORTED_INDICES=$(for INDEX in $(so-elasticsearch-indices-list | awk '{print $3}'); do so-elasticsearch-query $INDEX/_settings?human |grep '"created_string":"6' | jq -r 'keys'[0]; done) if [ -z "$UNSUPPORTED_INDICES" ]; then echo "No unsupported indices found." else From d0a0ca8458e2c12b0153cc284f7a678e9f32ff7f Mon Sep 17 00:00:00 2001 From: weslambert Date: Tue, 12 Jul 2022 16:15:44 -0400 Subject: [PATCH 3/3] Update exit code for ES checks --- salt/common/tools/sbin/soup | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/salt/common/tools/sbin/soup b/salt/common/tools/sbin/soup index a165ddf54..d900e465a 100755 --- a/salt/common/tools/sbin/soup +++ b/salt/common/tools/sbin/soup @@ -389,7 +389,7 @@ es_version_check() { echo "Otherwise, if your deployment is configured for airgap, you can instead download the 2.3.130 ISO image from https://download.securityonion.net/file/securityonion/securityonion-2.3.130-20220607.iso." echo "" echo "*** Once you have updated to 2.3.130, you can then update to 2.3.140 or higher as you would normally. ***" - exit 0 + exit 1 fi } @@ -402,7 +402,7 @@ es_indices_check() { echo "The following indices were created with Elasticsearch 6, and are not supported when upgrading to Elasticsearch 8. These indices may need to be deleted, migrated, or re-indexed before proceeding with the upgrade. Please see https://docs.securityonion.net/en/2.3/elasticsearch.html for more details." echo echo "$UNSUPPORTED_INDICES" - exit 0 + exit 1 } generate_and_clean_tarballs() {