Merge pull request #13624 from Security-Onion-Solutions/esver

fix es agent update for soup

salt/common/tools/sbin/so-common

@@ -677,7 +677,8 @@ has_uppercase() {
 }
 
 update_elastic_agent() {
-	get_elastic_agent_vars
+	local path="${1:-/opt/so/saltstack/default}"
+	get_elastic_agent_vars "$path"
 	echo "Checking if Elastic Agent update is necessary..."
 	download_and_verify "$ELASTIC_AGENT_URL" "$ELASTIC_AGENT_MD5_URL" "$ELASTIC_AGENT_FILE" "$ELASTIC_AGENT_MD5" "$ELASTIC_AGENT_EXPANSION_DIR"
 }

salt/elasticfleet/tools/sbin_jinja/so-elastic-agent-grid-upgrade

@@ -5,7 +5,7 @@
 # this file except in compliance with the Elastic License 2.0.
 
 . /usr/sbin/so-common
-{%- import_yaml 'elasticsearch/defaults.yaml' as ELASTICSEARCHDEFAULTS -%}
+{%- import_yaml 'elasticsearch/defaults.yaml' as ELASTICSEARCHDEFAULTS %}
 
 # Only run on Managers
 if ! is_manager_node; then

salt/manager/tools/sbin/soup

@@ -837,12 +837,13 @@ determine_elastic_agent_upgrade() {
   if [[ $is_airgap -eq 0 ]]; then
     update_elastic_agent_airgap
   else
-    update_elastic_agent
+    # the new elasticsearch defaults.yaml file is not yet placed in /opt/so/saltstack/default/salt/elasticsearch yet
+    update_elastic_agent "$UPDATE_DIR"
   fi
 }
 
 update_elastic_agent_airgap() {
-  get_elastic_agent_vars
+  get_elastic_agent_vars "/tmp/soagupdate/SecurityOnion"
   rsync -av /tmp/soagupdate/fleet/* /nsm/elastic-fleet/artifacts/
   tar -xf "$ELASTIC_AGENT_FILE" -C "$ELASTIC_AGENT_EXPANSION_DIR"
 }

salt/suricata/tools/sbin/so-suricata-reload-rules

@@ -7,5 +7,5 @@
 
 . /usr/sbin/so-common
 
-retry 40 3 'docker exec -it so-suricata /opt/suricata/bin/suricatasc -c reload-rules /var/run/suricata/suricata-command.socket' '{"message": "done", "return": "OK"}'
-retry 40 3 'docker exec -it so-suricata /opt/suricata/bin/suricatasc -c ruleset-reload-nonblocking /var/run/suricata/suricata-command.socket' '{"message": "done", "return": "OK"}'
+retry 60 3 'docker exec -it so-suricata /opt/suricata/bin/suricatasc -c reload-rules /var/run/suricata/suricata-command.socket' '{"message": "done", "return": "OK"}' || fail "The Suricata container was not ready in time."
+retry 60 3 'docker exec -it so-suricata /opt/suricata/bin/suricatasc -c ruleset-reload-nonblocking /var/run/suricata/suricata-command.socket' '{"message": "done", "return": "OK"}' || fail "The Suricata container was not ready in time."

setup/so-setup

@@ -759,8 +759,8 @@ if ! [[ -f $install_opt_file ]]; then
 			title "Downloading IDS Rules"
 			logCmd "so-rule-update"
 			if [[ $monints || $is_import ]]; then
-				title "Restarting Suricata to pick up the new rules"
-				logCmd "so-suricata-restart"
+				title "Applying the Suricata state to load the new rules"
+				logCmd "salt-call state.apply suricata -l info"
 			fi
 		fi
 		title "Setting up Kibana Default Space"