diff --git a/salt/common/tools/sbin/soup b/salt/common/tools/sbin/soup index e4582a524..87777c97c 100755 --- a/salt/common/tools/sbin/soup +++ b/salt/common/tools/sbin/soup @@ -36,6 +36,49 @@ manager_check() { fi } +airgap_mounted() { + # Let's see if the ISO is already mounted. + if [ -f /tmp/soagupdate/SecurityOnion/VERSION ]; then + echo "The ISO is already mounted" + else + echo "Looks like we need to mount the ISO" + echo "" + echo "You will need the full path of the ISO" + echo "Example: /home/user/securityonion-2.3.0.iso" + echo "" + read -p 'Enter the FULL path of the iso: ' ISOLOC + if [ ! -f $ISOLOC ]; then + echo "Unable to locate ISO image. Please try soup again" + exit 0 + else + # Mounting the ISO + mkdir -p /tmp/soagupdate + mount -t iso9660 -o loop $ISOLOC /tmp/soagupdate + # Make sure mounting was successful + if [ ! -f /tmp/soagupdate/SecurityOnion/VERSION ]; then + echo "Something went wrong trying to mount the ISO." + echo "Ensure you verify the ISO that you downloaded." + exit 0 + else + echo "ISO has been mounted!" + fi + fi + fi +} + +check_airgap() { + # See if this is an airgap install + AIRGAP=$(cat /opt/so/saltstack/local/pillar/global.sls | grep airgap | awk '{print $2}') + if [[ "$AIRGAP" == "True" ]]; then + is_airgap=true + UPDATE_DIR=/tmp/soagupdate/SecurityOnion + AGDOCKER=/tmp/soagupdate/docker + AGREPO=/tmp/soagupdate/Packages + else + is_airgap=false + fi +} + clean_dockers() { # Place Holder for cleaning up old docker images echo "Trying to clean up old dockers." @@ -63,7 +106,7 @@ clone_to_tmp() { copy_new_files() { # Copy new files over to the salt dir - cd /tmp/sogh/securityonion + cd $UPDATE_DIR rsync -a salt $DEFAULT_SALT_DIR/ rsync -a pillar $DEFAULT_SALT_DIR/ chown -R socore:socore $DEFAULT_SALT_DIR/ @@ -207,6 +250,19 @@ space_check() { } update_dockers() { + if [[ $is_airgap ]]; then + # Let's copy the tarball + if [ ! -f $AGDOCKER/registry.tar ]; then + echo "Unable to locate registry. Exiting" + exit 0 + else + echo "Stopping the registry docker" + docker stop so-dockerregistry + docker rm so-dockerregistry + echo "Copying the new dockers over" + tar xvf $AGDOCKER/registry.tar -C /nsm/docker-registry/docker + fi + else # List all the containers if [ $MANAGERCHECK == 'so-import' ]; then TRUSTED_CONTAINERS=( \ @@ -282,7 +338,7 @@ update_dockers() { docker tag $IMAGEREPO/$i:$NEWVERSION $HOSTNAME:5000/$IMAGEREPO/$i:$NEWVERSION docker push $HOSTNAME:5000/$IMAGEREPO/$i:$NEWVERSION done - + fi # Cleanup on Aisle 4 clean_dockers @@ -345,7 +401,7 @@ upgrade_check_salt() { verify_latest_update_script() { # Check to see if the update scripts match. If not run the new one. CURRENTSOUP=$(md5sum /opt/so/saltstack/default/salt/common/tools/sbin/soup | awk '{print $1}') - GITSOUP=$(md5sum /tmp/sogh/securityonion/salt/common/tools/sbin/soup | awk '{print $1}') + GITSOUP=$(md5sum $UPDATE_DIR/salt/common/tools/sbin/soup | awk '{print $1}') if [[ "$CURRENTSOUP" == "$GITSOUP" ]]; then echo "This version of the soup script is up to date. Proceeding." else @@ -377,12 +433,20 @@ done echo "Checking to see if this is a manager." echo "" manager_check +echo "Checking to see if this is an airgap install" +echo "" +check_airgap echo "Found that Security Onion $INSTALLEDVERSION is currently installed." echo "" detect_os echo "" -echo "Cloning Security Onion github repo into $UPDATE_DIR." -clone_to_tmp +if [[ $is_airgap ]]; then + # Let's mount the ISO since this is airgap + airgap_mounted +else + echo "Cloning Security Onion github repo into $UPDATE_DIR." + clone_to_tmp +fi echo "" echo "Verifying we have the latest soup script." verify_latest_update_script