- detect, and then give user option (if it exists) to use persisted compose config

- better logging/explanation.. well at least attempt to ;)
- add remove of OTRF docker images

docker/helk_remove_containers.sh

@@ -5,8 +5,12 @@
 # HELK build Stage: Alpha
 # Author: Roberto Rodriguez (@Cyb3rWard0g)
 # License: GPL-3.0
-
-LABEL="[HELK-REMOVE-CONTAINERS]"
+HELK_INFO_TAG="[HELK-REMOVE-CONTAINERS-INFO]"
+HELK_ERROR_TAG="[HELK-REMOVE-CONTAINERS-ERROR]"
+RED='\033[0;31m'
+CYAN='\033[0;36m'
+WAR='\033[1;33m'
+STD='\033[0m'
 
 # *********** Check if user is root ***************
 if [[ $EUID -ne 0 ]]; then
@@ -17,75 +21,133 @@ fi
 # *********** Set Log File ***************
 LOGFILE="/var/log/helk-install.log"
 echoerror() {
-    printf "${RC} * ERROR${EC}: $@\n" 1>&2;
-    echo -e "\nPlease see more information in the log file: $LOGFILE\n"
+    printf "${RED}${RC} * ERROR${EC}: $@\n" 1>&2;
+    echo -e "\n${RED}${HELK_ERROR_TAG}${STD} Please see more information in the log file: $LOGFILE\n"
+}
+
+# HELK Directory
+HELK_DIR="/usr/share/helk"
+# HELK Configuration File
+HELK_CONF_FILE="$HELK_DIR/helk.conf"
+# HELK Information File for operating system
+HELK_INFO_FILE="$HELK_DIR/helk_install.info"
+
+get_persist_conf() {
+  if [ ! -d "$HELK_DIR" ]; then
+    return
+  fi
+  if [[ -f $HELK_CONF_FILE ]]; then
+    COMPOSE_CONFIG=$(cat $HELK_CONF_FILE | grep COMPOSE_CONFIG | cut -d'=' -f2)
+  else
+    return
+  fi
 }
 
 # *********** Get installation compose-file ***********
+echo -e "${CYAN}${HELK_INFO_TAG}${STD} The following were the HELK install choices and their corresponding docker compose files with the Basic/Trial license:"
+echo " "
+echo -e "${CYAN}1.${STD}KAFKA + KSQL + ELK + NGNIX (Basic|Trial):"
+echo "'helk-kibana-analysis-basic.yml'"
+echo "'helk-kibana-analysis-trial.yml'"
+echo " "
+echo -e "${CYAN}2.${STD}KAFKA + KSQL + ELK + NGNIX + ELASTALERT (Basic|Trial):"
+echo "'helk-kibana-analysis-alert-basic.yml'"
+echo "'helk-kibana-analysis-alert-trial.yml'"
+echo " "
+echo -e "${CYAN}3.${STD}KAFKA + KSQL + ELK + NGNIX + SPARK + JUPYTER (Basic|Trial):"
+echo "'helk-kibana-notebook-analysis-basic.yml'"
+echo "'helk-kibana-notebook-analysis-trial.yml'"
+echo " "
+echo -e "${CYAN}4.${STD}KAFKA + KSQL + ELK + NGNIX + SPARK + JUPYTER + ELASTALERT (Basic|Trial):"
+echo "'helk-kibana-notebook-analysis-alert-basic.yml'"
+echo "'helk-kibana-notebook-analysis-alert-trial.yml'"
+echo " "
+get_persist_conf
 while true; do
-    read -e -p "$LABEL What config did you use for installation? " -i "helk-kibana-analysis-basic.yml" INSTALL_FILE
-    case "$INSTALL_FILE" in
-        helk-kibana-analysis-basic.yml|helk-kibana-analysis-trial.yml)
-            break;;
-        helk-kibana-analysis-alert-basic.yml|helk-kibana-analysis-alert-trial.yml)
-            break;;
-        helk-kibana-notebook-analysis-basic.yml|helk-kibana-notebook-analysis-trial.yml)
-            break;;
-        helk-kibana-notebook-analysis-alert-basic.yml|helk-kibana-notebook-analysis-alert-trial.yml)
-            break;;
-        *)
-            echo "The config file you entered does not exist..."
-            echo "Please provide a valid config file."
-    esac
-done
-
-
-# *********** Prune volumes ***************
-while true; do
-    read -e -p "$LABEL Do you want to prune the es_data volume ? " -i "yes" PRUNE
-    case "$PRUNE" in
-        yes)
-            docker volume prune
-            break;;			
-        no)
-            break;;
-        *)
-            echo "$LABEL Error, you can only chose yes or no..."
-    esac
+    if [ -z "$COMPOSE_CONFIG" ]; then
+      read -e -p "What installation config did you use from the examples above?: " -i "helk-kibana-analysis-basic.yml" INSTALL_FILE
+      case "$INSTALL_FILE" in
+          helk-kibana-analysis-basic.yml|helk-kibana-analysis-trial.yml)
+              break;;
+          helk-kibana-analysis-alert-basic.yml|helk-kibana-analysis-alert-trial.yml)
+              break;;
+          helk-kibana-notebook-analysis-basic.yml|helk-kibana-notebook-analysis-trial.yml)
+              break;;
+          helk-kibana-notebook-analysis-alert-basic.yml|helk-kibana-notebook-analysis-alert-trial.yml)
+              break;;
+          *)
+              echo "The config file you entered does not exist..."
+              echo "Please provide a valid config file."
+      esac
+    else
+      echo -e "${CYAN}${HELK_INFO_TAG}${STD} Detected a previous HELK install using '${COMPOSE_CONFIG}'"
+      read -e -p "Use this config (recommended) or supply a different option from the examples above: " -i "${COMPOSE_CONFIG}" INSTALL_FILE
+      case "$INSTALL_FILE" in
+          helk-kibana-analysis-basic.yml|helk-kibana-analysis-trial.yml)
+              break;;
+          helk-kibana-analysis-alert-basic.yml|helk-kibana-analysis-alert-trial.yml)
+              break;;
+          helk-kibana-notebook-analysis-basic.yml|helk-kibana-notebook-analysis-trial.yml)
+              break;;
+          helk-kibana-notebook-analysis-alert-basic.yml|helk-kibana-notebook-analysis-alert-trial.yml)
+              break;;
+          "$COMPOSE_CONFIG")
+              break;;
+          *)
+              echo "The config file you entered does not exist..."
+              echo "Please provide a valid config file."
+      esac
+    fi
 done
 
 # *********** Stop, remove containers, volumes and network ***********
-echo "$LABEL Using docker-compose to remove installation..."
+echo -e "${CYAN}${HELK_INFO_TAG}${STD} Using docker-compose to remove installation..."
 if [ "$(command -v docker-compose; echo $?)" != 0 ]; then
-    /usr/local/bin/docker-compose -f $INSTALL_FILE down --rmi all -v >> $LOGFILE 2>&1 # try to force command
+    /usr/local/bin/docker-compose -f "$INSTALL_FILE" down --rmi all -v >> $LOGFILE 2>&1 # try to force command
 else
-    docker-compose -f $INSTALL_FILE down --rmi all -v >> $LOGFILE 2>&1
+    docker-compose -f "$INSTALL_FILE" down --rmi all -v >> $LOGFILE 2>&1
 fi
 if [ $? -ne 0 ]; then
     echoerror "Error while trying docker-compose command.."
     exit 1
 fi
 
-echo "$LABEL Removing all images..."
-docker rmi $(docker images -a | awk '{ print $1,$3 }' | grep 'cyb3rward0g\|helk\|logstash\|kibana\|elasticsearch\|cp-ksql' | awk '{ print $2 }') >> $LOGFILE 2>&1
+echo -e "${CYAN}${HELK_INFO_TAG}${STD} Removing all images..."
+docker rmi "$(docker images -a | awk '{ print $1,$3 }' | grep 'otrf|cyb3rward0g\|helk\|logstash\|kibana\|elasticsearch\|cp-ksql' | awk '{ print $2 }')" >> $LOGFILE 2>&1
+#TODO: eventually give prompt for removing Elastic/Confluent components as user may be using those for other things on their system
 ERROR=$?
 if [ $ERROR -ne 0 ]; then
     echoerror "Could not remove images.."
     exit 1
 fi
 
+#TODO: eventually give option, compose file currently removes it
+# *********** Prune volumes ***************
+#while true; do
+#    read -e -p "$HELK_INFO_TAG Do you want to delete all of HELK's Elasticsearch (log) data ? " -i "yes" PRUNE
+#    case "$PRUNE" in
+#        yes)
+#            docker volume rm docker_es_data
+#            break;;
+#        no)
+#            break;;
+#        *)
+#            echo "$HELK_INFO_TAG Error, you can only chose yes or no..."
+#    esac
+#done
+
 # *********** Remove HELK service from firewalld ***********
 DIST="$(. /etc/os-release && echo "$ID")"
 
 if [[ "$DIST" == "centos" ]]; then
-    echo "$LABEL Removing firewall service..."
+    echo -e "${CYAN}${HELK_INFO_TAG}${STD} Removing firewall service..."
     rm /etc/firewalld/services/helk.xml >> $LOGFILE 2>&1
     if [ $? -ne 0 ]; then
         echoerror "Could not remove file from firewalld directory..."
         exit 1
     fi
 
-    echo "$LABEL Reloading firewall..."
+    echo -e "${CYAN}${HELK_INFO_TAG}${STD} Reloading firewall..."
     firewall-cmd --reload >> $LOGFILE 2>&1
     if [ $? -ne 0 ]; then
         echoerror "Could not reload firewall..."
@@ -93,4 +155,4 @@ if [[ "$DIST" == "centos" ]]; then
     fi
 fi
 
-echo "$LABEL You have successfully removed HELK containers.."
+echo -e "${CYAN}${HELK_INFO_TAG}${STD} You have successfully removed HELK containers.."