From 3efaba11041df34e3bb74762241e013229c4238e Mon Sep 17 00:00:00 2001 From: m0duspwnens Date: Tue, 13 Feb 2024 11:04:26 -0500 Subject: [PATCH 01/14] modify soup to update soup scripts without using salt --- salt/common/init.sls | 13 ++++++++++++- salt/common/soup_scripts.sls | 23 ----------------------- salt/manager/tools/sbin/soup | 23 ++++++++--------------- 3 files changed, 20 insertions(+), 39 deletions(-) delete mode 100644 salt/common/soup_scripts.sls diff --git a/salt/common/init.sls b/salt/common/init.sls index 5f13c3893c..51836daf60 100644 --- a/salt/common/init.sls +++ b/salt/common/init.sls @@ -4,7 +4,6 @@ {% from 'vars/globals.map.jinja' import GLOBALS %} include: - - common.soup_scripts - common.packages {% if GLOBALS.role in GLOBALS.manager_roles %} - manager.elasticsearch # needed for elastic_curl_config state @@ -134,6 +133,18 @@ common_sbin_jinja: - file_mode: 755 - template: jinja +{% if not GLOBALS.is_manager%} +# prior to 2.4.50 these scripts were in common/tools/sbin on the manager because of soup and distributed to non managers +# these two states remove the scripts from non manager nodes +remove_soup: + file.absent: + - name: /usr/sbin/soup + +remove_so-firewall: + file.absent: + - name: /usr/sbin/so-firewall +{% endif %} + so-status_script: file.managed: - name: /usr/sbin/so-status diff --git a/salt/common/soup_scripts.sls b/salt/common/soup_scripts.sls deleted file mode 100644 index 041649200f..0000000000 --- a/salt/common/soup_scripts.sls +++ /dev/null @@ -1,23 +0,0 @@ -# Sync some Utilities -soup_scripts: - file.recurse: - - name: /usr/sbin - - user: root - - group: root - - file_mode: 755 - - source: salt://common/tools/sbin - - include_pat: - - so-common - - so-image-common - -soup_manager_scripts: - file.recurse: - - name: /usr/sbin - - user: root - - group: root - - file_mode: 755 - - source: salt://manager/tools/sbin - - include_pat: - - so-firewall - - so-repo-sync - - soup diff --git a/salt/manager/tools/sbin/soup b/salt/manager/tools/sbin/soup index 600cb5d4e6..3254a61dd9 100755 --- a/salt/manager/tools/sbin/soup +++ b/salt/manager/tools/sbin/soup @@ -794,21 +794,14 @@ verify_latest_update_script() { echo "This version of the soup script is up to date. Proceeding." else echo "You are not running the latest soup version. Updating soup and its components. This might take multiple runs to complete." - cp $UPDATE_DIR/salt/manager/tools/sbin/soup $DEFAULT_SALT_DIR/salt/manager/tools/sbin/ - cp $UPDATE_DIR/salt/common/tools/sbin/so-common $DEFAULT_SALT_DIR/salt/common/tools/sbin/ - cp $UPDATE_DIR/salt/common/tools/sbin/so-image-common $DEFAULT_SALT_DIR/salt/common/tools/sbin/ - cp $UPDATE_DIR/salt/manager/tools/sbin/so-firewall $DEFAULT_SALT_DIR/salt/manager/tools/sbin/ - salt-call state.apply common.soup_scripts queue=True -linfo --file-root=$UPDATE_DIR/salt --local - # Verify that soup scripts updated as expected - get_soup_script_hashes - if [[ "$CURRENTSOUP" == "$GITSOUP" && "$CURRENTCMN" == "$GITCMN" && "$CURRENTIMGCMN" == "$GITIMGCMN" && "$CURRENTSOFIREWALL" == "$GITSOFIREWALL" ]]; then - echo "Succesfully updated soup scripts." - else - # When STIGs are enabled soup scripts will fail to update using --file-root --local. - # After checking that the expected hashes are not present, retry updating soup scripts using salt master. - echo "There was a problem updating soup scripts.. Trying to rerun script update" - salt-call state.apply common.soup_scripts queue=True -linfo - fi + rm -f $DEFAULT_SALT_DIR/salt/common/tools/sbin/soup + rm -f $DEFAULT_SALT_DIR/salt/common/tools/sbin/so-firewall + + cp $UPDATE_DIR/salt/common/tools/sbin/* $DEFAULT_SALT_DIR/salt/common/tools/sbin/. + cp $UPDATE_DIR/salt/common/tools/sbin/* /usr/sbin/. + cp $UPDATE_DIR/salt/manager/tools/sbin/* $DEFAULT_SALT_DIR/salt/manager/tools/sbin/. + cp $UPDATE_DIR/salt/manager/tools/sbin/* /usr/sbin/. + echo "" echo "The soup script has been modified. Please run soup again to continue the upgrade." exit 0 From 92634724c40a97612fb254d0b84c068df2cc5742 Mon Sep 17 00:00:00 2001 From: m0duspwnens Date: Tue, 13 Feb 2024 11:09:08 -0500 Subject: [PATCH 02/14] move rm --- salt/manager/tools/sbin/soup | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/salt/manager/tools/sbin/soup b/salt/manager/tools/sbin/soup index 3254a61dd9..02dd1272ba 100755 --- a/salt/manager/tools/sbin/soup +++ b/salt/manager/tools/sbin/soup @@ -794,14 +794,14 @@ verify_latest_update_script() { echo "This version of the soup script is up to date. Proceeding." else echo "You are not running the latest soup version. Updating soup and its components. This might take multiple runs to complete." - rm -f $DEFAULT_SALT_DIR/salt/common/tools/sbin/soup - rm -f $DEFAULT_SALT_DIR/salt/common/tools/sbin/so-firewall - cp $UPDATE_DIR/salt/common/tools/sbin/* $DEFAULT_SALT_DIR/salt/common/tools/sbin/. cp $UPDATE_DIR/salt/common/tools/sbin/* /usr/sbin/. cp $UPDATE_DIR/salt/manager/tools/sbin/* $DEFAULT_SALT_DIR/salt/manager/tools/sbin/. cp $UPDATE_DIR/salt/manager/tools/sbin/* /usr/sbin/. + rm -f $DEFAULT_SALT_DIR/salt/common/tools/sbin/soup + rm -f $DEFAULT_SALT_DIR/salt/common/tools/sbin/so-firewall + echo "" echo "The soup script has been modified. Please run soup again to continue the upgrade." exit 0 From b713771494659b098f16c1d7b0eb37501721cf66 Mon Sep 17 00:00:00 2001 From: m0duspwnens Date: Tue, 13 Feb 2024 12:30:36 -0500 Subject: [PATCH 03/14] add back common soup_scripts state --- salt/common/soup_scripts.sls | 24 ++++++++++++++++++++++++ salt/manager/tools/sbin/soup | 10 ++++++---- 2 files changed, 30 insertions(+), 4 deletions(-) create mode 100644 salt/common/soup_scripts.sls diff --git a/salt/common/soup_scripts.sls b/salt/common/soup_scripts.sls new file mode 100644 index 0000000000..402ad9c4a2 --- /dev/null +++ b/salt/common/soup_scripts.sls @@ -0,0 +1,24 @@ +remove_common_soup: + file.absent: + - name: /opt/so/saltstack/default/salt/common/tools/sbin/soup + +remove_common_so-firewall: + file.absent: + - name: /opt/so/saltstack/default/salt/common/tools/sbin/so-firewall + +# Sync some Utilities +soup_scripts: + file.recurse: + - name: /usr/sbin + - user: root + - group: root + - file_mode: 755 + - source: salt://common/tools/sbin + +soup_manager_scripts: + file.recurse: + - name: /usr/sbin + - user: root + - group: root + - file_mode: 755 + - source: salt://manager/tools/sbin diff --git a/salt/manager/tools/sbin/soup b/salt/manager/tools/sbin/soup index 02dd1272ba..75be97928d 100755 --- a/salt/manager/tools/sbin/soup +++ b/salt/manager/tools/sbin/soup @@ -795,12 +795,14 @@ verify_latest_update_script() { else echo "You are not running the latest soup version. Updating soup and its components. This might take multiple runs to complete." cp $UPDATE_DIR/salt/common/tools/sbin/* $DEFAULT_SALT_DIR/salt/common/tools/sbin/. - cp $UPDATE_DIR/salt/common/tools/sbin/* /usr/sbin/. + #cp $UPDATE_DIR/salt/common/tools/sbin/* /usr/sbin/. cp $UPDATE_DIR/salt/manager/tools/sbin/* $DEFAULT_SALT_DIR/salt/manager/tools/sbin/. - cp $UPDATE_DIR/salt/manager/tools/sbin/* /usr/sbin/. + #cp $UPDATE_DIR/salt/manager/tools/sbin/* /usr/sbin/. - rm -f $DEFAULT_SALT_DIR/salt/common/tools/sbin/soup - rm -f $DEFAULT_SALT_DIR/salt/common/tools/sbin/so-firewall + #rm -f $DEFAULT_SALT_DIR/salt/common/tools/sbin/soup + #rm -f $DEFAULT_SALT_DIR/salt/common/tools/sbin/so-firewall + + salt-call state.apply common.soup_scripts queue=True -linfo --file-root=$UPDATE_DIR/salt --local echo "" echo "The soup script has been modified. Please run soup again to continue the upgrade." From 5c9b1ab38b052e15f363daad0e6ffc43ddd8d8fb Mon Sep 17 00:00:00 2001 From: m0duspwnens Date: Tue, 13 Feb 2024 12:48:31 -0500 Subject: [PATCH 04/14] copy with cp --- salt/common/soup_scripts.sls | 27 ++++++++++++--------------- salt/manager/tools/sbin/soup | 4 ++-- 2 files changed, 14 insertions(+), 17 deletions(-) diff --git a/salt/common/soup_scripts.sls b/salt/common/soup_scripts.sls index 402ad9c4a2..a4fafd6e34 100644 --- a/salt/common/soup_scripts.sls +++ b/salt/common/soup_scripts.sls @@ -6,19 +6,16 @@ remove_common_so-firewall: file.absent: - name: /opt/so/saltstack/default/salt/common/tools/sbin/so-firewall -# Sync some Utilities -soup_scripts: - file.recurse: - - name: /usr/sbin - - user: root - - group: root - - file_mode: 755 - - source: salt://common/tools/sbin +{% if pillar.global.airgap %} +{% set UPDATE_DIR='/tmp/soagupdate/securityonion'%} +{% else %} +{% set UPDATE_DIR='/tmp/sogh/securityonion'%} +{% endif %} -soup_manager_scripts: - file.recurse: - - name: /usr/sbin - - user: root - - group: root - - file_mode: 755 - - source: salt://manager/tools/sbin +copy_common: + cmd.run: + - name: "\cp " ~ {{ $UPDATE_DIR }} ~ "/salt/common/tools/sbin/* /usr/sbin/." + +copy_manager: + cmd.run: + - name: "\cp " ~ {{ $UPDATE_DIR }} ~ "/salt/manager/tools/sbin/* /usr/sbin/." diff --git a/salt/manager/tools/sbin/soup b/salt/manager/tools/sbin/soup index 75be97928d..2dfad1bbba 100755 --- a/salt/manager/tools/sbin/soup +++ b/salt/manager/tools/sbin/soup @@ -795,9 +795,9 @@ verify_latest_update_script() { else echo "You are not running the latest soup version. Updating soup and its components. This might take multiple runs to complete." cp $UPDATE_DIR/salt/common/tools/sbin/* $DEFAULT_SALT_DIR/salt/common/tools/sbin/. - #cp $UPDATE_DIR/salt/common/tools/sbin/* /usr/sbin/. + cp $UPDATE_DIR/salt/common/tools/sbin/* /usr/sbin/. cp $UPDATE_DIR/salt/manager/tools/sbin/* $DEFAULT_SALT_DIR/salt/manager/tools/sbin/. - #cp $UPDATE_DIR/salt/manager/tools/sbin/* /usr/sbin/. + cp $UPDATE_DIR/salt/manager/tools/sbin/* /usr/sbin/. #rm -f $DEFAULT_SALT_DIR/salt/common/tools/sbin/soup #rm -f $DEFAULT_SALT_DIR/salt/common/tools/sbin/so-firewall From d7f853b5b2d48f30518b1629de03fa1bbcbd2d6d Mon Sep 17 00:00:00 2001 From: m0duspwnens Date: Tue, 13 Feb 2024 12:50:22 -0500 Subject: [PATCH 05/14] comment out script copy in soup --- salt/manager/tools/sbin/soup | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/salt/manager/tools/sbin/soup b/salt/manager/tools/sbin/soup index 2dfad1bbba..75be97928d 100755 --- a/salt/manager/tools/sbin/soup +++ b/salt/manager/tools/sbin/soup @@ -795,9 +795,9 @@ verify_latest_update_script() { else echo "You are not running the latest soup version. Updating soup and its components. This might take multiple runs to complete." cp $UPDATE_DIR/salt/common/tools/sbin/* $DEFAULT_SALT_DIR/salt/common/tools/sbin/. - cp $UPDATE_DIR/salt/common/tools/sbin/* /usr/sbin/. + #cp $UPDATE_DIR/salt/common/tools/sbin/* /usr/sbin/. cp $UPDATE_DIR/salt/manager/tools/sbin/* $DEFAULT_SALT_DIR/salt/manager/tools/sbin/. - cp $UPDATE_DIR/salt/manager/tools/sbin/* /usr/sbin/. + #cp $UPDATE_DIR/salt/manager/tools/sbin/* /usr/sbin/. #rm -f $DEFAULT_SALT_DIR/salt/common/tools/sbin/soup #rm -f $DEFAULT_SALT_DIR/salt/common/tools/sbin/so-firewall From 1bde002f20a1a6f58cb78c57be8a70fd94c7689d Mon Sep 17 00:00:00 2001 From: m0duspwnens Date: Tue, 13 Feb 2024 12:51:53 -0500 Subject: [PATCH 06/14] update case --- salt/common/soup_scripts.sls | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/salt/common/soup_scripts.sls b/salt/common/soup_scripts.sls index a4fafd6e34..346b63c968 100644 --- a/salt/common/soup_scripts.sls +++ b/salt/common/soup_scripts.sls @@ -7,7 +7,7 @@ remove_common_so-firewall: - name: /opt/so/saltstack/default/salt/common/tools/sbin/so-firewall {% if pillar.global.airgap %} -{% set UPDATE_DIR='/tmp/soagupdate/securityonion'%} +{% set UPDATE_DIR='/tmp/soagupdate/SecurityOnion'%} {% else %} {% set UPDATE_DIR='/tmp/sogh/securityonion'%} {% endif %} From 9175a7345609a58602d20bc548f9b35f4b2bd497 Mon Sep 17 00:00:00 2001 From: m0duspwnens Date: Tue, 13 Feb 2024 13:08:09 -0500 Subject: [PATCH 07/14] dont need $ for vars --- salt/common/soup_scripts.sls | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/salt/common/soup_scripts.sls b/salt/common/soup_scripts.sls index 346b63c968..4a4fe80c86 100644 --- a/salt/common/soup_scripts.sls +++ b/salt/common/soup_scripts.sls @@ -14,8 +14,8 @@ remove_common_so-firewall: copy_common: cmd.run: - - name: "\cp " ~ {{ $UPDATE_DIR }} ~ "/salt/common/tools/sbin/* /usr/sbin/." + - name: "\cp " ~ {{ UPDATE_DIR }} ~ "/salt/common/tools/sbin/* /usr/sbin/." copy_manager: cmd.run: - - name: "\cp " ~ {{ $UPDATE_DIR }} ~ "/salt/manager/tools/sbin/* /usr/sbin/." + - name: "\cp " ~ {{ UPDATE_DIR }} ~ "/salt/manager/tools/sbin/* /usr/sbin/." From d6ac7a32869c4c1ff84ab762eb261606576e66d2 Mon Sep 17 00:00:00 2001 From: m0duspwnens Date: Tue, 13 Feb 2024 13:31:34 -0500 Subject: [PATCH 08/14] fix the jinja --- salt/common/soup_scripts.sls | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/salt/common/soup_scripts.sls b/salt/common/soup_scripts.sls index 4a4fe80c86..86042a880d 100644 --- a/salt/common/soup_scripts.sls +++ b/salt/common/soup_scripts.sls @@ -6,7 +6,7 @@ remove_common_so-firewall: file.absent: - name: /opt/so/saltstack/default/salt/common/tools/sbin/so-firewall -{% if pillar.global.airgap %} +{% if salt['pillar.get']('global:airgap') %} {% set UPDATE_DIR='/tmp/soagupdate/SecurityOnion'%} {% else %} {% set UPDATE_DIR='/tmp/sogh/securityonion'%} @@ -14,8 +14,8 @@ remove_common_so-firewall: copy_common: cmd.run: - - name: "\cp " ~ {{ UPDATE_DIR }} ~ "/salt/common/tools/sbin/* /usr/sbin/." + - name: "cp {{UPDATE_DIR}}/salt/common/tools/sbin/* /usr/sbin/." copy_manager: cmd.run: - - name: "\cp " ~ {{ UPDATE_DIR }} ~ "/salt/manager/tools/sbin/* /usr/sbin/." + - name: "cp {{UPDATE_DIR}}/salt/manager/tools/sbin/* /usr/sbin/." From 7112337c85ba0b75ac56d46da2965c0657a2cd66 Mon Sep 17 00:00:00 2001 From: m0duspwnens Date: Tue, 13 Feb 2024 13:52:14 -0500 Subject: [PATCH 09/14] fix copy --- salt/manager/tools/sbin/soup | 9 ++------- 1 file changed, 2 insertions(+), 7 deletions(-) diff --git a/salt/manager/tools/sbin/soup b/salt/manager/tools/sbin/soup index 75be97928d..b3df3eb6f4 100755 --- a/salt/manager/tools/sbin/soup +++ b/salt/manager/tools/sbin/soup @@ -794,13 +794,8 @@ verify_latest_update_script() { echo "This version of the soup script is up to date. Proceeding." else echo "You are not running the latest soup version. Updating soup and its components. This might take multiple runs to complete." - cp $UPDATE_DIR/salt/common/tools/sbin/* $DEFAULT_SALT_DIR/salt/common/tools/sbin/. - #cp $UPDATE_DIR/salt/common/tools/sbin/* /usr/sbin/. - cp $UPDATE_DIR/salt/manager/tools/sbin/* $DEFAULT_SALT_DIR/salt/manager/tools/sbin/. - #cp $UPDATE_DIR/salt/manager/tools/sbin/* /usr/sbin/. - - #rm -f $DEFAULT_SALT_DIR/salt/common/tools/sbin/soup - #rm -f $DEFAULT_SALT_DIR/salt/common/tools/sbin/so-firewall + \cp -v $UPDATE_DIR/salt/common/tools/sbin/* $DEFAULT_SALT_DIR/salt/common/tools/sbin/. + \cp -v $UPDATE_DIR/salt/manager/tools/sbin/* $DEFAULT_SALT_DIR/salt/manager/tools/sbin/. salt-call state.apply common.soup_scripts queue=True -linfo --file-root=$UPDATE_DIR/salt --local From 141fd49f02ec03a5639a6b2908c16d1ddbb81bd9 Mon Sep 17 00:00:00 2001 From: m0duspwnens Date: Tue, 13 Feb 2024 14:27:22 -0500 Subject: [PATCH 10/14] use rsync --- salt/common/soup_scripts.sls | 16 ++++++++++++---- salt/manager/tools/sbin/soup | 2 -- 2 files changed, 12 insertions(+), 6 deletions(-) diff --git a/salt/common/soup_scripts.sls b/salt/common/soup_scripts.sls index 86042a880d..b4b3504d1b 100644 --- a/salt/common/soup_scripts.sls +++ b/salt/common/soup_scripts.sls @@ -12,10 +12,18 @@ remove_common_so-firewall: {% set UPDATE_DIR='/tmp/sogh/securityonion'%} {% endif %} -copy_common: +copy_common_tools_sbin: cmd.run: - - name: "cp {{UPDATE_DIR}}/salt/common/tools/sbin/* /usr/sbin/." + - name: "rsync -avh {{UPDATE_DIR}}/salt/common/tools/sbin/* /opt/so/saltstack/default/salt/common/tools/sbin/" -copy_manager: +copy_manager_tools_sbin: cmd.run: - - name: "cp {{UPDATE_DIR}}/salt/manager/tools/sbin/* /usr/sbin/." + - name: "rsync -avh {{UPDATE_DIR}}/salt/manager/tools/sbin/* /opt/so/saltstack/default/salt/manager/tools/sbin/" + +copy_common_sbin: + cmd.run: + - name: "rsync -avh {{UPDATE_DIR}}/salt/common/tools/sbin/* /usr/sbin/" + +copy_manager_sbin: + cmd.run: + - name: "rsync -avh {{UPDATE_DIR}}/salt/manager/tools/sbin/* /usr/sbin/" diff --git a/salt/manager/tools/sbin/soup b/salt/manager/tools/sbin/soup index b3df3eb6f4..c4eef3994c 100755 --- a/salt/manager/tools/sbin/soup +++ b/salt/manager/tools/sbin/soup @@ -794,8 +794,6 @@ verify_latest_update_script() { echo "This version of the soup script is up to date. Proceeding." else echo "You are not running the latest soup version. Updating soup and its components. This might take multiple runs to complete." - \cp -v $UPDATE_DIR/salt/common/tools/sbin/* $DEFAULT_SALT_DIR/salt/common/tools/sbin/. - \cp -v $UPDATE_DIR/salt/manager/tools/sbin/* $DEFAULT_SALT_DIR/salt/manager/tools/sbin/. salt-call state.apply common.soup_scripts queue=True -linfo --file-root=$UPDATE_DIR/salt --local From 88786e83427ae49f236aa9f25c28f80684ec6845 Mon Sep 17 00:00:00 2001 From: m0duspwnens Date: Tue, 13 Feb 2024 15:05:09 -0500 Subject: [PATCH 11/14] use file.copy to preserve perms --- salt/common/soup_scripts.sls | 64 +++++++++++++++++++++++++++++------- 1 file changed, 52 insertions(+), 12 deletions(-) diff --git a/salt/common/soup_scripts.sls b/salt/common/soup_scripts.sls index b4b3504d1b..8098862662 100644 --- a/salt/common/soup_scripts.sls +++ b/salt/common/soup_scripts.sls @@ -12,18 +12,58 @@ remove_common_so-firewall: {% set UPDATE_DIR='/tmp/sogh/securityonion'%} {% endif %} -copy_common_tools_sbin: - cmd.run: - - name: "rsync -avh {{UPDATE_DIR}}/salt/common/tools/sbin/* /opt/so/saltstack/default/salt/common/tools/sbin/" +copy_so-common_common_tools_sbin: + file.copy: + - name: /opt/so/saltstack/default/salt/common/tools/sbin/so-common + - source: {{UPDATE_DIR}}/salt/common/tools/sbin/so-common + - force: True + - preserve: True -copy_manager_tools_sbin: - cmd.run: - - name: "rsync -avh {{UPDATE_DIR}}/salt/manager/tools/sbin/* /opt/so/saltstack/default/salt/manager/tools/sbin/" +copy_so-image-common_common_tools_sbin: + file.copy: + - name: /opt/so/saltstack/default/salt/common/tools/sbin/so-image-common + - source: {{UPDATE_DIR}}/salt/common/tools/sbin/so-image-common + - force: True + - preserve: True -copy_common_sbin: - cmd.run: - - name: "rsync -avh {{UPDATE_DIR}}/salt/common/tools/sbin/* /usr/sbin/" +copy_soup_manager_tools_sbin: + file.copy: + - name: /opt/so/saltstack/default/salt/manager/tools/sbin/soup + - source: {{UPDATE_DIR}}/salt/manager/tools/sbin/soup + - force: True + - preserve: True -copy_manager_sbin: - cmd.run: - - name: "rsync -avh {{UPDATE_DIR}}/salt/manager/tools/sbin/* /usr/sbin/" +copy_so-firewall_manager_tools_sbin: + file.copy: + - name: /opt/so/saltstack/default/salt/manager/tools/sbin/so-firewall + - source: {{UPDATE_DIR}}/salt/manager/tools/sbin/so-firewall + - force: True + - preserve: True + +copy_so-common_sbin: + file.copy: + - name: /usr/sbin/so-common + - source: {{UPDATE_DIR}}/salt/common/tools/sbin/so-common + - force: True + - preserve: True + +copy_so-image-common_sbin: + file.copy: + - name: /usr/sbin/so-image-common + - source: {{UPDATE_DIR}}/salt/common/tools/sbin/so-image-common + - force: True + - preserve: True + +copy_soup_sbin: + file.copy: + - name: /usr/sbin/soup + - source: {{UPDATE_DIR}}/salt/manager/tools/sbin/soup + - force: True + - preserve: True + +copy_so-firewall_sbin: + file.copy: + - name: /usr/so-firewall + - source: {{UPDATE_DIR}}/salt/manager/tools/sbin/so-firewall + - force: True + - preserve: True From 468eedfaeb7288d7ed3657da18856b297fe00f29 Mon Sep 17 00:00:00 2001 From: m0duspwnens Date: Tue, 13 Feb 2024 15:30:24 -0500 Subject: [PATCH 12/14] add soup script update retru --- salt/manager/tools/sbin/soup | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/salt/manager/tools/sbin/soup b/salt/manager/tools/sbin/soup index c4eef3994c..0e982e51fe 100755 --- a/salt/manager/tools/sbin/soup +++ b/salt/manager/tools/sbin/soup @@ -797,6 +797,14 @@ verify_latest_update_script() { salt-call state.apply common.soup_scripts queue=True -linfo --file-root=$UPDATE_DIR/salt --local + get_soup_script_hashes + if [[ "$CURRENTSOUP" == "$GITSOUP" && "$CURRENTCMN" == "$GITCMN" && "$CURRENTIMGCMN" == "$GITIMGCMN" && "$CURRENTSOFIREWALL" == "$GITSOFIREWALL" ]]; then + echo "Succesfully updated soup scripts." + else + echo "There was a problem updating soup scripts. Trying to rerun script update." + salt-call state.apply common.soup_scripts queue=True -linfo --file-root=$UPDATE_DIR/salt --local + fi + echo "" echo "The soup script has been modified. Please run soup again to continue the upgrade." exit 0 From 00f2374582d915c02dab51e2710bd7fb6764caca Mon Sep 17 00:00:00 2001 From: m0duspwnens Date: Tue, 13 Feb 2024 15:43:02 -0500 Subject: [PATCH 13/14] fix path for so-firewall --- salt/common/soup_scripts.sls | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/salt/common/soup_scripts.sls b/salt/common/soup_scripts.sls index 8098862662..c02f111720 100644 --- a/salt/common/soup_scripts.sls +++ b/salt/common/soup_scripts.sls @@ -63,7 +63,7 @@ copy_soup_sbin: copy_so-firewall_sbin: file.copy: - - name: /usr/so-firewall + - name: /usr/sbin/so-firewall - source: {{UPDATE_DIR}}/salt/manager/tools/sbin/so-firewall - force: True - preserve: True From 2e9fa2438b01eb65f16b942ea7fdcb6009486a9f Mon Sep 17 00:00:00 2001 From: m0duspwnens Date: Tue, 13 Feb 2024 16:19:50 -0500 Subject: [PATCH 14/14] add back comment --- salt/manager/tools/sbin/soup | 1 + 1 file changed, 1 insertion(+) diff --git a/salt/manager/tools/sbin/soup b/salt/manager/tools/sbin/soup index 0e982e51fe..8b9d4a6b33 100755 --- a/salt/manager/tools/sbin/soup +++ b/salt/manager/tools/sbin/soup @@ -797,6 +797,7 @@ verify_latest_update_script() { salt-call state.apply common.soup_scripts queue=True -linfo --file-root=$UPDATE_DIR/salt --local + # Verify that soup scripts updated as expected get_soup_script_hashes if [[ "$CURRENTSOUP" == "$GITSOUP" && "$CURRENTCMN" == "$GITCMN" && "$CURRENTIMGCMN" == "$GITIMGCMN" && "$CURRENTSOFIREWALL" == "$GITSOFIREWALL" ]]; then echo "Succesfully updated soup scripts."