Airgap SOUP changes

salt/common/tools/sbin/soup

@@ -36,6 +36,49 @@ manager_check() {
   fi
 }
 
+airgap_mounted() {
+  # Let's see if the ISO is already mounted. 
+  if [ -f /tmp/soagupdate/SecurityOnion/VERSION ]; then
+    echo "The ISO is already mounted"
+  else
+    echo "Looks like we need to mount the ISO"
+    echo "" 
+    echo "You will need the full path of the ISO"
+    echo "Example: /home/user/securityonion-2.3.0.iso"
+    echo ""
+    read -p 'Enter the FULL path of the iso: ' ISOLOC
+    if [ ! -f $ISOLOC ]; then
+      echo "Unable to locate ISO image. Please try soup again"
+      exit 0
+    else
+      # Mounting the ISO
+      mkdir -p /tmp/soagupdate
+      mount -t iso9660 -o loop $ISOLOC /tmp/soagupdate
+      # Make sure mounting was successful
+      if [ ! -f /tmp/soagupdate/SecurityOnion/VERSION ]; then
+        echo "Something went wrong trying to mount the ISO."
+        echo "Ensure you verify the ISO that you downloaded."
+        exit 0
+      else
+        echo "ISO has been mounted!"
+      fi
+    fi
+  fi
+}
+
+check_airgap() {
+  # See if this is an airgap install
+  AIRGAP=$(cat /opt/so/saltstack/local/pillar/global.sls | grep airgap | awk '{print $2}')
+  if [[ "$AIRGAP" == "True" ]]; then
+      is_airgap=true
+      UPDATE_DIR=/tmp/soagupdate/SecurityOnion
+      AGDOCKER=/tmp/soagupdate/docker
+      AGREPO=/tmp/soagupdate/Packages
+  else 
+      is_airgap=false
+  fi
+}
+
 clean_dockers() {
   # Place Holder for cleaning up old docker images
   echo "Trying to clean up old dockers."
@@ -63,7 +106,7 @@ clone_to_tmp() {
 
 copy_new_files() {
   # Copy new files over to the salt dir
-  cd /tmp/sogh/securityonion
+  cd $UPDATE_DIR
   rsync -a salt $DEFAULT_SALT_DIR/
   rsync -a pillar $DEFAULT_SALT_DIR/
   chown -R socore:socore $DEFAULT_SALT_DIR/
@@ -207,6 +250,19 @@ space_check() {
 }
 
 update_dockers() {
+  if [[ $is_airgap ]]; then
+    # Let's copy the tarball
+    if [ ! -f $AGDOCKER/registry.tar ]; then
+      echo "Unable to locate registry. Exiting"
+      exit 0
+    else
+      echo "Stopping the registry docker"
+      docker stop so-dockerregistry
+      docker rm so-dockerregistry
+      echo "Copying the new dockers over"
+      tar xvf $AGDOCKER/registry.tar -C /nsm/docker-registry/docker 
+    fi
+  else
     # List all the containers
     if [ $MANAGERCHECK == 'so-import' ]; then
       TRUSTED_CONTAINERS=( \
@@ -282,7 +338,7 @@ update_dockers() {
       docker tag $IMAGEREPO/$i:$NEWVERSION $HOSTNAME:5000/$IMAGEREPO/$i:$NEWVERSION
       docker push $HOSTNAME:5000/$IMAGEREPO/$i:$NEWVERSION 
     done
-
+  fi
     # Cleanup on Aisle 4
     clean_dockers
 
@@ -345,7 +401,7 @@ upgrade_check_salt() {
 verify_latest_update_script() {
     # Check to see if the update scripts match. If not run the new one.
     CURRENTSOUP=$(md5sum /opt/so/saltstack/default/salt/common/tools/sbin/soup | awk '{print $1}')
-    GITSOUP=$(md5sum /tmp/sogh/securityonion/salt/common/tools/sbin/soup | awk '{print $1}')
+    GITSOUP=$(md5sum $UPDATE_DIR/salt/common/tools/sbin/soup | awk '{print $1}')
     if [[ "$CURRENTSOUP" == "$GITSOUP" ]]; then
       echo "This version of the soup script is up to date. Proceeding."
     else
@@ -377,12 +433,20 @@ done
 echo "Checking to see if this is a manager."
 echo ""
 manager_check
+echo "Checking to see if this is an airgap install"
+echo ""
+check_airgap
 echo "Found that Security Onion $INSTALLEDVERSION is currently installed."
 echo ""
 detect_os
 echo ""
+if [[ $is_airgap ]]; then
+  # Let's mount the ISO since this is airgap
+  airgap_mounted
+else
   echo "Cloning Security Onion github repo into $UPDATE_DIR."
   clone_to_tmp
+fi
 echo ""
 echo "Verifying we have the latest soup script."
 verify_latest_update_script