From 79da9f9f2c011dbfb868cc02071b703666b3afb1 Mon Sep 17 00:00:00 2001
From: reyesj2 <94730068+reyesj2@users.noreply.github.com>
Date: Mon, 1 Jun 2026 11:26:52 -0500
Subject: [PATCH 1/5] check if there is a version or hotfix to upgrade to
 before verifiying elasticsearch compatibility

---
 salt/manager/tools/sbin/soup | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/salt/manager/tools/sbin/soup b/salt/manager/tools/sbin/soup
index ba76d2a3e..eb7818cf1 100755
--- a/salt/manager/tools/sbin/soup
+++ b/salt/manager/tools/sbin/soup
@@ -1606,11 +1606,12 @@ main() {
   echo "Verifying we have the latest soup script."
   verify_latest_update_script
 
+  echo "Let's see if we need to update Security Onion."
+  upgrade_check
+
   echo "Verifying Elasticsearch version compatibility across the grid before upgrading."
   verify_es_version_compatibility
 
-  echo "Let's see if we need to update Security Onion."
-  upgrade_check
   upgrade_space
 
   echo "Checking for Salt Master and Minion updates."

From 3c533cccbce84fab75b6c96ef69933816c3bcd77 Mon Sep 17 00:00:00 2001
From: reyesj2 <94730068+reyesj2@users.noreply.github.com>
Date: Mon, 1 Jun 2026 11:28:59 -0500
Subject: [PATCH 2/5] and after free space check

---
 salt/manager/tools/sbin/soup | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/salt/manager/tools/sbin/soup b/salt/manager/tools/sbin/soup
index eb7818cf1..a62a39b40 100755
--- a/salt/manager/tools/sbin/soup
+++ b/salt/manager/tools/sbin/soup
@@ -1608,12 +1608,11 @@ main() {
 
   echo "Let's see if we need to update Security Onion."
   upgrade_check
+  upgrade_space
 
   echo "Verifying Elasticsearch version compatibility across the grid before upgrading."
   verify_es_version_compatibility
 
-  upgrade_space
-
   echo "Checking for Salt Master and Minion updates."
   upgrade_check_salt
   set -e

From f2996fb888c5db9bd9740ae0cc5a922330b8ea6b Mon Sep 17 00:00:00 2001
From: reyesj2 <94730068+reyesj2@users.noreply.github.com>
Date: Mon, 1 Jun 2026 11:52:35 -0500
Subject: [PATCH 3/5] use so-config-backup script in soup

---
 salt/backup/tools/sbin/so-config-backup.jinja |  6 ++++--
 salt/manager/tools/sbin/soup                  | 14 ++++----------
 2 files changed, 8 insertions(+), 12 deletions(-)

diff --git a/salt/backup/tools/sbin/so-config-backup.jinja b/salt/backup/tools/sbin/so-config-backup.jinja
index 7f65bbba3..8d214e665 100755
--- a/salt/backup/tools/sbin/so-config-backup.jinja
+++ b/salt/backup/tools/sbin/so-config-backup.jinja
@@ -25,9 +25,11 @@ if [ ! -f $BACKUPFILE ]; then
   # Create empty backup file
   tar -cf $BACKUPFILE -T /dev/null
 
-  # Loop through all paths defined in global.sls, and append them to backup file
+  # Loop through all paths defined in global.sls, and append them to backup file if they exist
   {%- for LOCATION in BACKUPLOCATIONS %}
-  tar -rf $BACKUPFILE "${EXCLUSIONS[@]}" {{ LOCATION }}
+  if [[ -d {{ LOCATION }} || -f {{ LOCATION }} ]]; then
+    tar -rf $BACKUPFILE "${EXCLUSIONS[@]}" {{ LOCATION }}
+  fi
   {%- endfor %}
 
 fi
diff --git a/salt/manager/tools/sbin/soup b/salt/manager/tools/sbin/soup
index 135c51276..7874bf7b2 100755
--- a/salt/manager/tools/sbin/soup
+++ b/salt/manager/tools/sbin/soup
@@ -188,13 +188,6 @@ airgap_update_dockers() {
   fi
 }
 
-backup_old_states_pillars() {
-
-	tar czf /nsm/backup/$(echo $INSTALLEDVERSION)_$(date +%Y%m%d-%H%M%S)_soup_default_states_pillars.tar.gz /opt/so/saltstack/default/
-	tar czf /nsm/backup/$(echo $INSTALLEDVERSION)_$(date +%Y%m%d-%H%M%S)_soup_local_states_pillars.tar.gz /opt/so/saltstack/local/
-
-}
-
 update_registry() {
   docker stop so-dockerregistry
   docker rm so-dockerregistry
@@ -1670,7 +1663,8 @@ main() {
     echo "Applying $HOTFIXVERSION hotfix"
     # since we don't run the backup.config_backup state on import we wont snapshot previous version states and pillars
     if [[ ! "$MINION_ROLE" == "import" ]]; then
-      backup_old_states_pillars
+        echo "Running so-config-backup script."
+        /sbin/so-config-backup
     fi
     copy_new_files
     create_local_directories "/opt/so/saltstack/default"
@@ -1726,8 +1720,8 @@ main() {
     # since we don't run the backup.config_backup state on import we wont snapshot previous version states and pillars
     if [[ ! "$MINION_ROLE" == "import" ]]; then
       echo ""
-      echo "Creating snapshots of default and local Salt states and pillars and saving to /nsm/backup/"
-      backup_old_states_pillars
+      echo "Running so-config-backup script."
+      /sbin/so-config-backup
     fi
 
     echo ""

From f9c2579261b0785024b0ba09a33329e1a96642e2 Mon Sep 17 00:00:00 2001
From: reyesj2 <94730068+reyesj2@users.noreply.github.com>
Date: Mon, 1 Jun 2026 12:04:33 -0500
Subject: [PATCH 4/5] remove logstash pipeline rename from hotfix moving to
 up_to_3.2.0

---
 salt/manager/tools/sbin/soup | 10 +++-------
 1 file changed, 3 insertions(+), 7 deletions(-)

diff --git a/salt/manager/tools/sbin/soup b/salt/manager/tools/sbin/soup
index 135c51276..ede301648 100755
--- a/salt/manager/tools/sbin/soup
+++ b/salt/manager/tools/sbin/soup
@@ -769,6 +769,8 @@ bootstrap_so_soc_database() {
 }
 
 up_to_3.2.0() {
+  fix_logstash_0013_lumberjack_pipeline_name
+
   INSTALLEDVERSION=3.2.0
 }
 
@@ -1566,13 +1568,7 @@ EOF
 
 # Keeping this block in case we need to do a hotfix that requires salt update
 apply_hotfix() {
-    if [[ "$INSTALLEDVERSION" == "3.1.0" ]] ; then
-       # Do not remove this fix_logstash_0013_lumberjack_pipeline_name in future hotfixes without first validating older
-       #  installs referencing "so/0013_input_lumberjack_fleet.conf" via pillar are upgradable
-       fix_logstash_0013_lumberjack_pipeline_name
-    else
-        echo "No actions required. ($INSTALLEDVERSION/$HOTFIXVERSION)"
-    fi
+    echo "No actions required. ($INSTALLEDVERSION/$HOTFIXVERSION)"
 }
 
 failed_soup_restore_items() {

From 559465b40783ca3baa7265b1ac4dcd71e0ea32c9 Mon Sep 17 00:00:00 2001
From: reyesj2 <94730068+reyesj2@users.noreply.github.com>
Date: Mon, 1 Jun 2026 12:05:09 -0500
Subject: [PATCH 5/5] run elastic agent gen installers script in post_to_3.2.0

---
 salt/manager/tools/sbin/soup | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/salt/manager/tools/sbin/soup b/salt/manager/tools/sbin/soup
index ede301648..1416f2ba3 100755
--- a/salt/manager/tools/sbin/soup
+++ b/salt/manager/tools/sbin/soup
@@ -777,6 +777,10 @@ up_to_3.2.0() {
 post_to_3.2.0() {
   bootstrap_so_soc_database
 
+  # Including agent regen script here since it was missed in post_to_3.1.0
+  echo "Regenerating Elastic Agent Installers"
+  /sbin/so-elastic-agent-gen-installers
+
   POSTVERSION=3.2.0
 }