{% import_yaml 'salt/minion.defaults.yaml' as SALT_MINION_DEFAULTS -%} #!/bin/bash # # Copyright 2014-2022 Security Onion Solutions, LLC # # This program is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program. If not, see . # this script checks the time the file /opt/so/log/salt/state-apply-test was last modified and restarts the salt-minion service if it is outside a threshold date/time # the file is modified via file.touch using a scheduled job healthcheck.salt-minion.state-apply-test that runs a state.apply. # by default the file should be updated every 5-8 minutes. # this allows us to test that the minion is able apply states and communicate with the master # if the file is unable to be touched via the state.apply, then we assume there is a possibilty that the minion is hung (though it could be possible the master is down as well) # we then stop the service, pkill salt-minion, the start the salt-minion service back up . /usr/sbin/so-common QUIET=false UPTIME_REQ=1800 #in seconds, how long the box has to be up before considering restarting salt-minion due to /opt/so/log/salt/state-apply-test not being touched CURRENT_TIME=$(date +%s) SYSTEM_START_TIME=$(date -d "$(> "/opt/so/log/salt/so-salt-minion-check" } log() { msg=$1 level=${2:-I} now=$(TZ=GMT date +"%Y-%m-%dT%H:%M:%SZ") if ! $QUIET; then echo $msg fi echo -e "$now | $level | $msg" >> "/opt/so/log/salt/so-salt-minion-check" 2>&1 } error() { log "$1" "E" } info() { log "$1" "I" } usage() { cat <