From cc19b601462df1b3e95adc5d22cfb91bb5bf8f22 Mon Sep 17 00:00:00 2001 From: m0duspwnens Date: Tue, 15 Oct 2024 09:32:14 -0400 Subject: [PATCH 1/4] restore services/top at start of soup --- salt/manager/tools/sbin/soup | 22 ++++++++++++++++------ 1 file changed, 16 insertions(+), 6 deletions(-) diff --git a/salt/manager/tools/sbin/soup b/salt/manager/tools/sbin/soup index 091e471d4..6826bde2f 100755 --- a/salt/manager/tools/sbin/soup +++ b/salt/manager/tools/sbin/soup @@ -32,10 +32,7 @@ check_err() { if [[ $exit_code -ne 0 ]]; then set +e - systemctl_func "start" "$cron_service_name" - systemctl_func "start" "salt-master" - systemctl_func "start" "salt-minion" - enable_highstate + failed_soup_restore_items printf '%s' "Soup failed with error $exit_code: " case $exit_code in @@ -358,8 +355,12 @@ masterlock() { } masterunlock() { - echo "Unlocking Salt Master" - mv -v $BACKUPTOPFILE $TOPFILE + if [ -f $BACKUPTOPFILE ]; then + echo "Unlocking Salt Master" + mv -v $BACKUPTOPFILE $TOPFILE + else + echo "Salt Master does not need unlocked." + fi } phases_pillar_2_4_80() { @@ -1079,6 +1080,13 @@ apply_hotfix() { fi } +failed_soup_restore_items() { + systemctl_func "start" "$cron_service_name" + systemctl_func "start" "salt-master" + systemctl_func "start" "salt-minion" + enable_highstate + masterunlock +} #upgrade salt to 3004.1 #2_3_10_hotfix_1() { @@ -1118,6 +1126,8 @@ main() { echo "" require_manager + failed_soup_restore_items + check_pillar_items echo "Checking to see if this is an airgap install." From ac6637c6ab324a26d254e235346df33984cddd1c Mon Sep 17 00:00:00 2001 From: m0duspwnens Date: Tue, 15 Oct 2024 09:56:50 -0400 Subject: [PATCH 2/4] set vars global --- salt/manager/tools/sbin/soup | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/salt/manager/tools/sbin/soup b/salt/manager/tools/sbin/soup index 6826bde2f..912d8ecdb 100755 --- a/salt/manager/tools/sbin/soup +++ b/salt/manager/tools/sbin/soup @@ -19,6 +19,8 @@ SOUP_LOG=/root/soup.log WHATWOULDYOUSAYYAHDOHERE=soup whiptail_title='Security Onion UPdater' NOTIFYCUSTOMELASTICCONFIG=false +TOPFILE=/opt/so/saltstack/default/salt/top.sls +BACKUPTOPFILE=/opt/so/saltstack/default/salt/top.sls.backup # used to display messages to the user at the end of soup declare -a FINAL_MESSAGE_QUEUE=() @@ -344,8 +346,6 @@ highstate() { masterlock() { echo "Locking Salt Master" - TOPFILE=/opt/so/saltstack/default/salt/top.sls - BACKUPTOPFILE=/opt/so/saltstack/default/salt/top.sls.backup mv -v $TOPFILE $BACKUPTOPFILE echo "base:" > $TOPFILE echo " $MINIONID:" >> $TOPFILE From c46fb7e74c7366e7da02d5b60079cdee0b3fd862 Mon Sep 17 00:00:00 2001 From: m0duspwnens Date: Tue, 15 Oct 2024 11:46:09 -0400 Subject: [PATCH 3/4] check if service is running before trying to start it --- salt/manager/tools/sbin/soup | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/salt/manager/tools/sbin/soup b/salt/manager/tools/sbin/soup index 912d8ecdb..70245d618 100755 --- a/salt/manager/tools/sbin/soup +++ b/salt/manager/tools/sbin/soup @@ -1081,9 +1081,12 @@ apply_hotfix() { } failed_soup_restore_items() { - systemctl_func "start" "$cron_service_name" - systemctl_func "start" "salt-master" - systemctl_func "start" "salt-minion" + local services=("$cron_service_name", "salt-master", "salt-minion") + for SERVICE_NAME in "${services[@]}"; do + if ! systemctl is-active --quiet "$SERVICE_NAME"; then + systemctl_func "start" "$SERVICE_NAME" + fi + done enable_highstate masterunlock } From c2e46932eed53b61c84312e07514210290e587e6 Mon Sep 17 00:00:00 2001 From: m0duspwnens Date: Tue, 15 Oct 2024 12:01:53 -0400 Subject: [PATCH 4/4] fix array def --- salt/manager/tools/sbin/soup | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/salt/manager/tools/sbin/soup b/salt/manager/tools/sbin/soup index 70245d618..22cf98558 100755 --- a/salt/manager/tools/sbin/soup +++ b/salt/manager/tools/sbin/soup @@ -1081,7 +1081,7 @@ apply_hotfix() { } failed_soup_restore_items() { - local services=("$cron_service_name", "salt-master", "salt-minion") + local services=("$cron_service_name" "salt-master" "salt-minion") for SERVICE_NAME in "${services[@]}"; do if ! systemctl is-active --quiet "$SERVICE_NAME"; then systemctl_func "start" "$SERVICE_NAME"