Security-Onion-Solutions / security-onion

Security Onion 16.04 - Linux distro for threat hunting, enterprise security monitoring, and log management
https://securityonion.net

soup: work around Docker change #1804

Closed dougburks closed 3 years ago

dougburks commented 3 years ago

Docker 20.10 added multi-user.target to After= in unit file: https://github.com/moby/moby/pull/41297

When Security Onion 16.04 updates to Docker 20.10 and reboots, this causes a delay with the Docker service and ultimately the Elastic services that require Docker will fail. We don't want to modify /lib/systemd/system/docker.service directly, so the current plan is to:

dougburks commented 3 years ago

To test, install the latest ISO image and run through Setup but do NOT install updates. Snapshot the VM. Run soup which will install the new Docker packages. When you reboot, Elastic services will not start properly. Revert to snapshot, add the test PPA, then run soup, reboot, and verify that Elastic services now start properly.
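To confirm on a test VM whether an installed unit file carries the ordering described in this issue, the following added example (not part of the original thread or of Security Onion's code) parses a unit file's `[Unit]` section and checks its `After=` list. The function names and the sample unit contents are constructed for illustration.

```shell
# Added example: does a unit file's [Unit] section order it After= a given unit?
# unit_after_list FILE: print each name from After= lines in [Unit], one per line.
unit_after_list() {
    awk '
        /\\$/ { sub(/\\$/, " "); buf = buf $0; next }   # join continued lines
        { line = buf $0; buf = "" }
        line ~ /^[ \t]*[#;]/ { next }                    # skip comments
        line ~ /^[ \t]*\[/ { in_unit = (line ~ /^[ \t]*\[Unit\]/); next }
        in_unit && line ~ /^[ \t]*After[ \t]*=/ {
            sub(/^[ \t]*After[ \t]*=/, "", line)
            n = split(line, names, /[ \t]+/)
            for (i = 1; i <= n; i++) if (names[i] != "") print names[i]
        }
    ' "$1"
}

# unit_orders_after FILE NAME: exit status 0 if NAME is in FILE's After= list.
unit_orders_after() {
    unit_after_list "$1" | grep -Fxq -- "$2"
}

# Constructed sample units for the demo (not copied from any Docker package).
write_sample_units() {
    cat > "$1/with-target.service" <<'EOF'
[Unit]
After=network-online.target firewalld.service \
      containerd.service multi-user.target
[Service]
ExecStart=/bin/true
EOF
    cat > "$1/without-target.service" <<'EOF'
[Unit]
After=network-online.target firewalld.service
After=containerd.service
[Install]
WantedBy=multi-user.target
EOF
}

tmp=$(mktemp -d)
write_sample_units "$tmp"
for f in "$tmp"/*.service; do
    if unit_orders_after "$f" multi-user.target; then verdict="includes"
    else verdict="does not include"; fi
    echo "${f##*/}: After= $verdict multi-user.target"
done
rm -rf "$tmp"
```

The second sample shows why a plain grep for `multi-user.target` is not enough: `WantedBy=` in `[Install]` mentions the target without ordering the unit after it. On a live host, `systemctl show -p After docker.service` prints the effective merged list.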

cm-ops commented 3 years ago

VM set up according to guidance above. Tested using soup and reboot. Verified Elastic services did not start properly. Reverted the snapshot, added test PPA, and ran soup with a reboot. Verified Elastic services started properly and showed okay. Tested twice with same results both times.

dougburks commented 3 years ago

Thanks @cm-ops!

dougburks commented 3 years ago

securityonion-sostat - 20120722-0ubuntu0securityonion148 now available for Security Onion 16.04! https://blog.securityonion.net/2020/12/securityonion-sostat-20120722.html