mirror of
https://github.com/Security-Onion-Solutions/securityonion.git
synced 2025-12-06 17:22:49 +01:00
Merge pull request #9393 from Security-Onion-Solutions/jertel/soup23200
Move Kratos DB to /nsm
This commit is contained in:
Jason Ertel
GitHub
@@ -67,7 +67,5 @@ peer:
|
||||
reactor:
|
||||
- 'so/fleet':
|
||||
- salt://reactor/fleet.sls
|
||||
- 'salt/beacon/*/watch_sqlite_db//opt/so/conf/kratos/db/sqlite.db':
|
||||
- salt://reactor/kratos.sls
|
||||
|
||||
|
||||
|
||||
@@ -35,7 +35,7 @@ if [ ! -f $BACKUPFILE ]; then
|
||||
{%- endfor %}
|
||||
tar -rf $BACKUPFILE /etc/pki
|
||||
tar -rf $BACKUPFILE /etc/salt
|
||||
tar -rf $BACKUPFILE /opt/so/conf/kratos
|
||||
tar -rf $BACKUPFILE /nsm/kratos
|
||||
|
||||
fi
|
||||
|
||||
|
||||
@@ -45,7 +45,7 @@ email=$2
|
||||
role=$3
|
||||
|
||||
kratosUrl=${KRATOS_URL:-http://127.0.0.1:4434/admin}
|
||||
databasePath=${KRATOS_DB_PATH:-/opt/so/conf/kratos/db/db.sqlite}
|
||||
databasePath=${KRATOS_DB_PATH:-/nsm/kratos/db/db.sqlite}
|
||||
databaseTimeout=${KRATOS_DB_TIMEOUT:-5000}
|
||||
bcryptRounds=${BCRYPT_ROUNDS:-12}
|
||||
elasticUsersFile=${ELASTIC_USERS_FILE:-/opt/so/saltstack/local/salt/elasticsearch/files/users}
|
||||
|
||||
@@ -551,6 +551,7 @@ preupgrade_changes() {
|
||||
[[ "$INSTALLEDVERSION" == 2.3.180 ]] && up_to_2.3.181
|
||||
[[ "$INSTALLEDVERSION" == 2.3.181 ]] && up_to_2.3.182
|
||||
[[ "$INSTALLEDVERSION" == 2.3.182 ]] && up_to_2.3.190
|
||||
[[ "$INSTALLEDVERSION" == 2.3.190 ]] && up_to_2.3.200
|
||||
true
|
||||
}
|
||||
|
||||
@@ -574,6 +575,7 @@ postupgrade_changes() {
|
||||
[[ "$POSTVERSION" == 2.3.180 ]] && post_to_2.3.181
|
||||
[[ "$POSTVERSION" == 2.3.181 ]] && post_to_2.3.182
|
||||
[[ "$POSTVERSION" == 2.3.182 ]] && post_to_2.3.190
|
||||
[[ "$POSTVERSION" == 2.3.190 ]] && post_to_2.3.200
|
||||
|
||||
true
|
||||
}
|
||||
@@ -692,6 +694,11 @@ post_to_2.3.190() {
|
||||
POSTVERSION=2.3.190
|
||||
}
|
||||
|
||||
post_to_2.3.200() {
|
||||
echo "Nothing to do for .200"
|
||||
POSTVERSION=2.3.200
|
||||
}
|
||||
|
||||
stop_salt_master() {
|
||||
# kill all salt jobs across the grid because the hang indefinitely if they are queued and salt-master restarts
|
||||
set +e
|
||||
@@ -1005,6 +1012,23 @@ up_to_2.3.190() {
|
||||
INSTALLEDVERSION=2.3.190
|
||||
}
|
||||
|
||||
up_to_2.3.200() {
|
||||
echo "Upgrading to 2.3.200"
|
||||
if [ ! -d /nsm/kratos ]; then
|
||||
mkdir /nsm/kratos
|
||||
chown -R kratos:kratos /nsm/kratos
|
||||
chmod 700 /nsm/kratos
|
||||
fi
|
||||
if [ ! -d /nsm/kratos/db ]; then
|
||||
echo "Moving Kratos DB to /nsm partition..."
|
||||
mv /opt/so/conf/kratos/db /nsm/kratos/
|
||||
echo "Move completed successfully"
|
||||
else
|
||||
echo "WARNING: /nsm/kratos/db already exists. This is unexpected and could result in SOC users no longer being able to login."
|
||||
fi
|
||||
INSTALLEDVERSION=2.3.200
|
||||
}
|
||||
|
||||
verify_upgradespace() {
|
||||
CURRENTSPACE=$(df -BG / | grep -v Avail | awk '{print $4}' | sed 's/.$//')
|
||||
if [ "$CURRENTSPACE" -lt "10" ]; then
|
||||
@@ -1202,14 +1226,14 @@ verify_latest_update_script() {
|
||||
if [[ "$CURRENTSOUP" == "$GITSOUP" && "$CURRENTCMN" == "$GITCMN" && "$CURRENTIMGCMN" == "$GITIMGCMN" && "$CURRENTSOFIREWALL" == "$GITSOFIREWALL" ]]; then
|
||||
echo "This version of the soup script is up to date. Proceeding."
|
||||
else
|
||||
echo "You are not running the latest soup version. Updating soup and its components. Might take multiple runs to complete"
|
||||
echo "You are not running the latest soup version. Updating soup and its components. This might take multiple runs to complete."
|
||||
cp $UPDATE_DIR/salt/common/tools/sbin/soup $DEFAULT_SALT_DIR/salt/common/tools/sbin/
|
||||
cp $UPDATE_DIR/salt/common/tools/sbin/so-common $DEFAULT_SALT_DIR/salt/common/tools/sbin/
|
||||
cp $UPDATE_DIR/salt/common/tools/sbin/so-image-common $DEFAULT_SALT_DIR/salt/common/tools/sbin/
|
||||
cp $UPDATE_DIR/salt/common/tools/sbin/so-firewall $DEFAULT_SALT_DIR/salt/common/tools/sbin/
|
||||
salt-call state.apply common.soup_scripts queue=True -linfo --file-root=$UPDATE_DIR/salt --local
|
||||
echo ""
|
||||
echo "soup has been updated. Please run soup again."
|
||||
echo "The soup script has been modified. Please run soup again to continue the upgrade."
|
||||
exit 0
|
||||
fi
|
||||
}
|
||||
|
||||
@@ -20,9 +20,18 @@ kratos:
|
||||
|
||||
kratosdir:
|
||||
file.directory:
|
||||
- name: /opt/so/conf/kratos/db
|
||||
- name: /nsm/kratos
|
||||
- user: 928
|
||||
- group: 928
|
||||
- mode: 700
|
||||
- makedirs: True
|
||||
|
||||
kratosdbdir:
|
||||
file.directory:
|
||||
- name: /nsm/kratos/db
|
||||
- user: 928
|
||||
- group: 928
|
||||
- mode: 700
|
||||
- makedirs: True
|
||||
|
||||
kratoslogdir:
|
||||
@@ -58,7 +67,7 @@ so-kratos:
|
||||
- /opt/so/conf/kratos/schema.json:/kratos-conf/schema.json:ro
|
||||
- /opt/so/conf/kratos/kratos.yaml:/kratos-conf/kratos.yaml:ro
|
||||
- /opt/so/log/kratos/:/kratos-log:rw
|
||||
- /opt/so/conf/kratos/db:/kratos-data:rw
|
||||
- /nsm/kratos/db:/kratos-data:rw
|
||||
- port_bindings:
|
||||
- 0.0.0.0:4433:4433
|
||||
- 0.0.0.0:4434:4434
|
||||
|
||||
@@ -118,7 +118,7 @@ add_soremote_user_manager() {
|
||||
}
|
||||
|
||||
add_web_user() {
|
||||
wait_for_file /opt/so/conf/kratos/db/db.sqlite 30 5
|
||||
wait_for_file /nsm/kratos/db/db.sqlite 30 5
|
||||
{
|
||||
echo "Attempting to add administrator user for web interface...";
|
||||
export SKIP_STATE_APPLY=true
|
||||
@@ -2181,6 +2181,7 @@ reinstall_init() {
|
||||
# Backup directories in /nsm to prevent app errors
|
||||
backup_dir /nsm/mysql "$date_string"
|
||||
backup_dir /nsm/wazuh "$date_string"
|
||||
backup_dir /nsm/kratos "$date_string"
|
||||
|
||||
# Remove the old launcher package in case the config changes
|
||||
remove_package launcher-final
|
||||
|
||||
Reference in New Issue
Block a user