CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2025-12-06 09:12:45 +01:00
Code Issues Packages Projects Releases Wiki Activity

[fix] Correct ordering of setup commands

Browse Source 
Firewall must be updated before checking in to salt,
and schedule state must run before copying minion temp files to master
This commit is contained in:
William Wernert
2020-05-04 09:36:17 -04:00
parent c4741043e9
commit eb2c432f22
1 changed files with 17 additions and 17 deletions
Download Patch File Download Diff File Expand all files Collapse all files

34
setup/so-setup
View File

@@ -299,36 +299,45 @@ export percentage=0
master_pillar 2>> "$setup_log" master_pillar 2>> "$setup_log"
fi fi
set_progress_str 14 'Running first Salt checkin' set_progress_str 14 'Configuring firewall'
set_initial_firewall_policy 2>> "$setup_log"
set_progress_str 15 "$(print_salt_state_apply 'firewall')"
salt-call state.apply -l info firewall >> $setup_log 2>&1
set_progress_str 16 'Running first Salt checkin'
salt_firstcheckin 2>> "$setup_log" salt_firstcheckin 2>> "$setup_log"
if [[ $is_helix ]]; then if [[ $is_helix ]]; then
set_progress_str 15 'Generating the FireEye pillar' set_progress_str 17 'Generating the FireEye pillar'
fireeye_pillar 2>> "$setup_log" fireeye_pillar 2>> "$setup_log"
fi fi
set_progress_str 16 'Copying minion pillars to master' set_progress_str 18 "$(print_salt_state_apply 'schedule')"
salt-call state.apply -l info schedule >> $setup_log 2>&1
set_progress_str 19 'Copying minion pillars to master'
copy_minion_tmp_files 2>> "$setup_log" copy_minion_tmp_files 2>> "$setup_log"
if [[ $is_node ]]; then if [[ $is_node ]]; then
set_progress_str 17 'Setting node type' set_progress_str 20 'Setting node type'
set_node_type 2>> "$setup_log" set_node_type 2>> "$setup_log"
set_progress_str 18 'Generating search node pillar' set_progress_str 21 'Generating search node pillar'
node_pillar 2>> "$setup_log" node_pillar 2>> "$setup_log"
fi fi
if [[ $is_minion ]]; then if [[ $is_minion ]]; then
set_progress_str 19 'Accepting Salt key on master' set_progress_str 22 'Accepting Salt key on master'
accept_salt_key_remote 2>> "$setup_log" accept_salt_key_remote 2>> "$setup_log"
fi fi
if [[ $is_master ]]; then if [[ $is_master ]]; then
set_progress_str 19 'Accepting Salt key' set_progress_str 23 'Accepting Salt key'
salt-key -ya "$MINION_ID" >> "$setup_log" 2>&1 salt-key -ya "$MINION_ID" >> "$setup_log" 2>&1
fi fi
set_progress_str 20 'Generating CA and checking in' set_progress_str 24 'Generating CA and checking in'
salt_checkin 2>> "$setup_log" salt_checkin 2>> "$setup_log"
if [[ $is_master || $is_helix ]]; then if [[ $is_master || $is_helix ]]; then
@@ -337,12 +346,6 @@ export percentage=0
docker_seed_registry 2>> "$setup_log" # ~ 60% when finished docker_seed_registry 2>> "$setup_log" # ~ 60% when finished
fi fi
set_progress_str 61 'Configuring firewall'
set_initial_firewall_policy 2>> "$setup_log"
set_progress_str 62 "$(print_salt_state_apply 'firewall')"
salt-call state.apply -l info firewall >> $setup_log 2>&1
set_progress_str 63 "$(print_salt_state_apply 'common')" set_progress_str 63 "$(print_salt_state_apply 'common')"
salt-call state.apply -l info common >> $setup_log 2>&1 salt-call state.apply -l info common >> $setup_log 2>&1
@@ -428,9 +431,6 @@ export percentage=0
salt-call state.apply -l info filebeat >> $setup_log 2>&1 salt-call state.apply -l info filebeat >> $setup_log 2>&1
fi fi
set_progress_str 84 "$(print_salt_state_apply 'schedule')"
salt-call state.apply -l info schedule >> $setup_log 2>&1
set_progress_str 85 'Applying finishing touches' set_progress_str 85 'Applying finishing touches'
filter_unused_nics 2>> "$setup_log" filter_unused_nics 2>> "$setup_log"
network_setup 2>> "$setup_log" network_setup 2>> "$setup_log"