Skip to content

Commit

Permalink
Merge pull request #11328 from Security-Onion-Solutions/fix/checkreq
Browse files Browse the repository at this point in the history
improvents for checking system requirements
  • Loading branch information
m0duspwnens authored Sep 15, 2023
2 parents af68af7 + c65c977 commit 26da525
Show file tree
Hide file tree
Showing 4 changed files with 59 additions and 46 deletions.
58 changes: 43 additions & 15 deletions setup/so-functions
Original file line number Diff line number Diff line change
Expand Up @@ -707,36 +707,64 @@ checkin_at_boot() {
}

check_requirements() {
local standalone_or_dist=$1
local node_type=$2 # optional
local req_mem
local req_cores
local req_storage
local nic_list
readarray -t nic_list <<< "$(ip link| awk -F: '$0 !~ "lo|vir|veth|br|docker|wl|^[^0-9]"{print $2}' | grep -vwe "bond0" | sed 's/ //g' | sed -r 's/(.*)(\.[0-9]+)@\1/\1\2/g')"
local num_nics=${#nic_list[@]}

if [[ "$standalone_or_dist" == 'standalone' ]]; then
if [[ $is_eval ]]; then
req_mem=12
req_cores=4
req_nics=2
elif [[ "$standalone_or_dist" == 'dist' ]]; then
req_mem=8
elif [[ $is_standalone ]]; then
req_mem=24
req_cores=4
req_nics=2
elif [[ $is_manager ]]; then
req_mem=16
req_cores=4
if [[ "$node_type" == 'sensor' ]]; then req_nics=2; else req_nics=1; fi
if [[ "$node_type" == 'fleet' ]]; then req_mem=4; fi
if [[ "$node_type" == 'idh' ]]; then req_mem=1 req_cores=2; fi
elif [[ "$standalone_or_dist" == 'import' ]]; then
req_nics=1
elif [[ $is_managersearch ]]; then
req_mem=16
req_cores=8
req_nics=1
elif [[ $is_sensor ]]; then
req_mem=12
req_cores=4
req_nics=2
elif [[ $is_fleet ]]; then
req_mem=4
req_cores=4
req_nics=1
elif [[ $is_searchnode ]]; then
req_mem=16
req_cores=4
req_nics=1
elif [[ $is_heavynode ]]; then
req_mem=24
req_cores=4
req_nics=2
elif [[ $is_idh ]]; then
req_mem=1
req_cores=2
req_nics=1
elif [[ $is_import ]]; then
req_mem=4
req_cores=2
req_nics=1
elif [[ $is_receiver ]]; then
req_mem=8
req_cores=2
req_nics=1
fi

if [[ $setup_type == 'network' ]] ; then
if [[ -n $nsm_mount ]]; then
if [[ "$standalone_or_dist" == 'import' ]]; then
if [[ -n $nsm_mount ]]; then # does a /nsm mount exist
if [[ $is_import ]]; then
req_storage=50
elif [[ "$node_type" == 'idh' ]]; then
elif [[ $is_idh ]]; then
req_storage=12
else
req_storage=100
Expand All @@ -748,10 +776,10 @@ check_requirements() {
whiptail_storage_requirements "/nsm" "${free_space_nsm} GB" "${req_storage} GB"
fi
else
if [[ "$standalone_or_dist" == 'import' ]]; then
if [[ $is_import ]]; then
req_storage=50
elif [[ "$node_type" == 'idh' ]]; then
req_storage=12
elif [[ $is_idh ]]; then
req_storage=12
else
req_storage=200
fi
Expand Down
22 changes: 11 additions & 11 deletions setup/so-setup
Original file line number Diff line number Diff line change
Expand Up @@ -422,7 +422,7 @@ if ! [[ -f $install_opt_file ]]; then
# If it is an install from ISO is this airgap?
[[ $is_iso ]] && whiptail_airgap
# Make sure minimum requirements are met
check_requirements "manager"
check_requirements
# Do networking things
networking_needful
# Do we need a proxy?
Expand Down Expand Up @@ -453,7 +453,7 @@ if ! [[ -f $install_opt_file ]]; then
monints=true
check_elastic_license
[[ $is_iso ]] && whiptail_airgap
check_requirements "manager"
check_requirements
networking_needful
[[ ! $is_airgap ]] && collect_net_method
collect_dockernet
Expand All @@ -474,7 +474,7 @@ if ! [[ -f $install_opt_file ]]; then
check_elastic_license
waitforstate=true
[[ $is_iso ]] && whiptail_airgap
check_requirements "manager"
check_requirements
networking_needful
[[ ! $is_airgap ]] && collect_net_method
collect_dockernet
Expand All @@ -494,7 +494,7 @@ if ! [[ -f $install_opt_file ]]; then
check_elastic_license
waitforstate=true
[[ $is_iso ]] && whiptail_airgap
check_requirements "manager"
check_requirements
networking_needful
[[ ! $is_airgap ]] && collect_net_method
collect_dockernet
Expand All @@ -512,7 +512,7 @@ if ! [[ -f $install_opt_file ]]; then
elif [[ $is_sensor ]]; then
info "Setting up as node type sensor"
monints=true
check_requirements "sensor"
check_requirements
calculate_useable_cores
networking_needful
check_network_manager_conf
Expand All @@ -527,7 +527,7 @@ if ! [[ -f $install_opt_file ]]; then

elif [[ $is_fleet ]]; then
info "Setting up as node type fleet"
check_requirements "fleet"
check_requirements
networking_needful
check_network_manager_conf
set_network_dev_status_list
Expand All @@ -540,7 +540,7 @@ if ! [[ -f $install_opt_file ]]; then

elif [[ $is_searchnode ]]; then
info "Setting up as node type searchnode"
check_requirements "elasticsearch"
check_requirements
networking_needful
check_network_manager_conf
set_network_dev_status_list
Expand All @@ -554,7 +554,7 @@ if ! [[ -f $install_opt_file ]]; then
elif [[ $is_heavynode ]]; then
info "Setting up as node type heavynode"
monints=true
check_requirements "heavynode"
check_requirements
calculate_useable_cores
networking_needful
check_network_manager_conf
Expand All @@ -569,7 +569,7 @@ if ! [[ -f $install_opt_file ]]; then

elif [[ $is_idh ]]; then
info "Setting up as node type idh"
check_requirements "idh"
check_requirements
networking_needful
collect_mngr_hostname
add_mngr_ip_to_hosts
Expand All @@ -583,7 +583,7 @@ if ! [[ -f $install_opt_file ]]; then
waitforstate=true
[[ $is_iso ]] && whiptail_airgap
check_elastic_license
check_requirements "import"
check_requirements
networking_needful
[[ ! $is_airgap ]] && detect_cloud
collect_dockernet
Expand All @@ -601,7 +601,7 @@ if ! [[ -f $install_opt_file ]]; then

elif [[ $is_receiver ]]; then
info "Setting up as node type receiver"
check_requirements "receiver"
check_requirements
networking_needful
collect_mngr_hostname
add_mngr_ip_to_hosts
Expand Down
8 changes: 4 additions & 4 deletions setup/so-variables
Original file line number Diff line number Diff line change
Expand Up @@ -5,7 +5,7 @@ mkdir -p /nsm
total_mem=$(grep MemTotal /proc/meminfo | awk '{print $2}' | sed -r 's/.{3}$//')
export total_mem

total_mem_hr=$(grep MemTotal /proc/meminfo | awk '{ printf("%.0f", $2/1024/1024); }')
total_mem_hr=$(grep MemTotal /proc/meminfo | awk '{ printf("%.0f", $2/1000/1000); }')
export total_mem_hr

num_cpu_cores=$(nproc)
Expand All @@ -32,10 +32,10 @@ export filesystem_root
filesystem_nsm=$(df /nsm | awk '$3 ~ /[0-9]+/ { print $2 * 1000 }')
export filesystem_nsm

free_space_nsm=$(df -Pk /nsm | sed 1d | grep -v used | awk '{ print $4 / 1048576 }' | awk '{ printf("%.0f", $1) }')
free_space_nsm=$(df -Pk /nsm | sed 1d | grep -v used | awk '{ print $4 / 1042803 }' | awk '{ printf("%.0f", $1) }')
export free_space_nsm

free_space_root=$(df -Pk / | sed 1d | grep -v used | awk '{ print $4 / 1048576 }' | awk '{ printf("%.0f", $1) }')
free_space_root=$(df -Pk / | sed 1d | grep -v used | awk '{ print $4 / 1042803 }' | awk '{ printf("%.0f", $1) }')
export free_space_root

readarray -t mountpoints <<< "$(lsblk -nlo MOUNTPOINT)"
Expand Down Expand Up @@ -218,4 +218,4 @@ patch_pillar_file="$local_salt_dir/pillar/patch/soc_patch.sls"
export patch_pillar_file

adv_patch_pillar_file="$local_salt_dir/pillar/patch/adv_patch.sls"
export adv_patch_pillar_file
export adv_patch_pillar_file
17 changes: 1 addition & 16 deletions setup/so-whiptail
Original file line number Diff line number Diff line change
Expand Up @@ -232,7 +232,7 @@ whiptail_requirements_error() {

[ -n "$TESTING" ] && return

if [[ $(echo "$requirement_needed" | tr '[:upper:]' '[:lower:]') == 'nics' ]]; then
if [[ $(echo "$requirement_needed" | tr '[:upper:]' '[:lower:]') =~ 'nic' ]]; then
whiptail --title "$whiptail_title" \
--msgbox "This machine currently has $current_val $requirement_needed, but needs $needed_val to meet minimum requirements. Select OK to exit setup and reconfigure the machine." 10 75

Expand Down Expand Up @@ -1184,21 +1184,6 @@ whiptail_reinstall() {
whiptail_check_exitstatus $exitstatus
}

whiptail_requirements_error() {

local requirement_needed=$1
local current_val=$2
local needed_val=$3

[ -n "$TESTING" ] && return

whiptail --title "$whiptail_title" \
--yesno "This machine currently has $current_val $requirement_needed, but needs $needed_val to meet minimum requirements. Select YES to continue anyway, or select NO to cancel." 10 75

local exitstatus=$?
whiptail_check_exitstatus $exitstatus
}

whiptail_sensor_config() {

[ -n "$TESTING" ] && return
Expand Down

0 comments on commit 26da525

Please sign in to comment.